[PATCH] audit: log on the future execution of a path
Steve Grubb
sgrubb at redhat.com
Tue May 6 15:10:11 UTC 2014
On Tue, 06 May 2014 10:57:30 -0400
Eric Paris <eparis at redhat.com> wrote:
> On Mon, 2014-05-05 at 17:10 -0400, Steve Grubb wrote:
> > On Mon, 5 May 2014 16:41:53 -0400
> > Richard Guy Briggs <rgb at redhat.com> wrote:
> >
> > > Only problem is, it doesn't work. What assumptions am I making
> > > that aren't valid about the approach in this kernel code?
> > >
> > > I also considered adding the path string pointer to the struct
> > > audit_field.
> > >
> > > Any suggestions?
> >
> > What I was thinking about is that it should work a lot like a watch
> > for
>
> We agree up to this point.
>
> > execution except when the watch triggers, it actually fills in a pid
> > field for a syscall rule and loads it instead of emitting an event.
>
> And now we disagree.
That's fine. It was only a suggestion. As long as the effect is the
same, I don't care how its implemented. :-)
-Steve
More information about the Linux-audit
mailing list