Expanding PATH records to be absolute paths
Matthew Booth
mbooth at redhat.com
Wed Sep 12 18:14:58 UTC 2007
As I mentioned in my austream email, I need to be able to rewrite
outgoing PATH records to have absolute paths. I can obviously do this
from scratch, and if there's no better way then this is what I will do.
However, I'm aware that work has gone on in the userspace message
parsing area, and I'd like to avoid reinventing the wheel. I have a few
constraints, though:
* Must work on libraries shipped with RHEL 4.5
If necessary, I will import bits of code from later versions into
austream, however I'm not prepared to require updating from the shipped
audit-libs. If I need to do this, how can I minimise maintenance pain?
Maybe separate parsing libraries into a separate package and depend on
it?
* Must work on a stream
I don't write anything to disk. It must work on messages as read from
the audit netlink socket.
* It must be fast
I need to remain sure that I can put the tool into a performance
critical environment with confidence that I won't kill it.
If I were going to do this from scratch, I'd cache CWD records and
rewrite PATH records on the way through. I don't believe any other
record requires this. AVC paths are already absolute, and I don't think
there are any other paths. Is this right?
Thanks,
Matt
--
Matthew Booth, RHCA, RHCSS
Red Hat, Global Professional Services
M: +44 (0)7977 267231
GPG ID: D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20070912/2118f261/attachment.sig>
More information about the Linux-audit
mailing list