[PATCH] audit: Add cmdline to taskinfo output
Steve Grubb
sgrubb at redhat.com
Tue Oct 29 15:14:35 UTC 2013
On Monday, October 28, 2013 04:50:38 PM William Roberts wrote:
> On some devices, the cmdline and task info vary. For instance, on
> Android, the cmdline is set to the package name, and the task info
> is the name of the VM, which is not very helpful.
>
> The additional cmdline output only runs if the audit feature
> AUDIT_FEATURE_CMDLINE_OUTPUT is set high at runtime.
I don't exactly like this. The audit event records are very normalized. When
you have a specific kind of record, you can count on always having the certain
fields even if its value is (NULL). So, having fields swinging in and out by
configuration is not something I'd like to see start.
Can you show me an event that has the problem and what it looks like when its
fixed by this patch?
Thanks,
-Steve
More information about the Linux-audit
mailing list