multipart messages & delivery guarantees
Hassan Sultan
hsultan at thefroid.net
Mon Feb 23 03:15:07 UTC 2015
Hi,
Some events, such as execve or socket-related syscalls generate more than
one message, which I'll separate as the "main" message, and then the 'sub'
messages.
Does the audit system guarantee in any way that user-mode will receive
either no message, or all messages for a given event ?
I'm curious to know if for example I could get an execve syscall message,
but no cwd message, for example in case of low-memory condition.
Thanks,
Hassan
More information about the Linux-audit
mailing list