[PATCH] TaskTracker : Simplified thread information tracker.
Tetsuo Handa
penguin-kernel at I-love.SAKURA.ne.jp
Sat Sep 27 15:13:14 UTC 2014
Steve Grubb wrote:
> On Sat, 27 Sep 2014 10:02:44 +0900
> Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp> wrote:
>
> > May I continue proposing this functionality?
>
> From the audit perspective, sure. I think we were expecting a revised
> patch after the comments. Other groups may have different thoughts,
> though.
>
> -Steve
OK, thank you. Before posting a revised patch, can I hear answers about
specification questions listed below?
(Q1) Where can I find which bytes in $value need to be escaped when
emitting a record like name='$value' ? Is 0x20 in $value permitted?
(Q2) Does auxiliary record work with only type=SYSCALL case?
Regards.
More information about the Linux-audit
mailing list