[patch 2/3] audit: rework execve audit
Peter Zijlstra
a.p.zijlstra at chello.nl
Tue Jul 3 15:00:55 UTC 2007
On Tue, 2007-06-26 at 15:55 -0700, Andrew Morton wrote:
> On Wed, 13 Jun 2007 12:03:36 +0200
> Peter Zijlstra <a.p.zijlstra at chello.nl> wrote:
>
> > +#ifdef CONFIG_AUDITSYSCALL
> > + {
> > + .ctl_name = CTL_UNNUMBERED,
> > + .procname = "audit_argv_kb",
> > + .data = &audit_argv_kb,
> > + .maxlen = sizeof(int),
> > + .mode = 0644,
> > + .proc_handler = &proc_dointvec,
> > + },
> > +#endif
>
> Please document /proc entries in Documentation/filesystems/proc.txt
Signed-off-by: Peter Zijlstra <a.p.zijlstra at chello.nl>
---
Documentation/filesystems/proc.txt | 7 +++++++
1 file changed, 7 insertions(+)
Index: linux-2.6/Documentation/filesystems/proc.txt
===================================================================
--- linux-2.6.orig/Documentation/filesystems/proc.txt
+++ linux-2.6/Documentation/filesystems/proc.txt
@@ -1075,6 +1075,13 @@ check the amount of free space (value is
resume it if we have a value of 3 or more percent; consider information about
the amount of free space valid for 30 seconds
+audit_argv_kb
+-------------
+
+The file contains a single value denoting the limit on the argv array size
+for execve (in KiB). This limit is only applied when system call auditing for
+execve is enabled, otherwise the value is ignored.
+
ctrl-alt-del
------------
More information about the Linux-audit
mailing list