finit_module
Steve Grubb
sgrubb at redhat.com
Mon Apr 7 16:50:04 UTC 2014
On Monday, April 07, 2014 12:37:48 PM Eric Paris wrote:
> On Fri, 2014-04-04 at 08:43 -0400, Steve Grubb wrote:
> > Hello,
> >
> > In checking a system with newish kernel, 3.13.7, I noticed that sometimes
> > finit_module is producing PATH records. Why?
>
> Because the module created all of those files while it was loading...
Hmm...I don't think what we are getting is expected or useful. It would be
nice to know what the paths are instead of NULL. It would also be highly
desirable to get some basic information recorded about what module is getting
loaded in an aux record. Especially since loading modules are how system tap
and some of the kernel bug patching tools get loaded.
-Steve
More information about the Linux-audit
mailing list