listening to /dev/audit in a pthread program
paul moore
paulmoore100 at hotmail.com
Fri Apr 20 23:43:23 UTC 2007
(Ignore my comment about /dev/audit - I wasn't thinking, yes I call
audit_open)
Thanks
In fact I was wrong. In both cases the listener loop is in a secondary
thread (gotta read my own code more closely). The differntiator is where the
audit_open is called relative to the other threads.
So a bit more hacking based on your reply shows the real rule :-
The pid passed to audit_set_pid must be the pid that called audit_open not
the pid that's listening
Thanks agin. All working now
-----Original Message-----
From: Steve Grubb [mailto:sgrubb at redhat.com]
Sent: Friday, April 20, 2007 4:13 PM
To: linux-audit at redhat.com
Cc: paul moore
Subject: Re: listening to /dev/audit in a pthread program
On Friday 20 April 2007 18:35:34 paul moore wrote:
> I have an test app that quite happily does an audit_set_pid and then
> sits there reading /dev/audit.
There isn't a /dev/audit in linux.org kernels.
> It works fine if its in the lead thread. But when I run the same code
> in my real app it runs in a different thread.
The important detail is where the audit_open call is made. Netlink want to
send it to the same tid.
-Steve
More information about the Linux-audit
mailing list