[PATCH 1/5] Add general crypto auditing infrastructure
Eric Paris
eparis at redhat.com
Tue Nov 23 15:12:31 UTC 2010
On Tue, 2010-11-23 at 13:50 +0100, Miloslav Trmač wrote:
> Collect audited crypto operations in a list, because a single _exit()
> can cause several AF_ALG sockets to be closed, and each needs to be
> audited.
>
> Add the AUDIT_CRYPTO_OP field so that crypto operations are not audited
> by default, but auditing can be enabled using a rule (probably
> "-F crypto_op!=0").
Just an implementation question, why a new list instead of finding a way
to reuse struct audit_aux_data?
-Eric
More information about the Linux-audit
mailing list