audit_ftype_to_name?
Steve Grubb
sgrubb at redhat.com
Tue Oct 22 17:59:32 UTC 2013
On Friday, October 18, 2013 12:47:23 PM Stephen Quinney wrote:
> I am wanting to use the audit_ftype_to_name function which is provided
> in the audit python module. It seems that this always returns None
> which is not particularly useful.
It shouldn't return that except when there is no match.
> I can see that the function is implemented in lib/lookup_table.c and it only
> does something when the NO_TABLES cpp macro is not defined.
Correct.
>In src/mt/Makefile.am that is defined (with -DNO_TABLES in AM_CFLAGS), I assume
> that is deliberate?
Yes. That location is a private copy recompiled for pthreads use and linked
only to auditd. Auditd has no use for those tables so they are thrown away.
> I can't see any definition of the ftype_i2s function which is called
> by audit_ftype_to_name so maybe this hasn't been implemented yet?
Yes, it has been. However, its over in lib/libaudit.
It seems to work fin on my system:
#!/usr/bin/env python
import sys
import audit
name = audit.audit_ftype_to_name(0140000)
print '%s\n' % (name,),
sys.exit(0)
$ ./test.py
socket
More information about the Linux-audit
mailing list