Getting the program name in audit messages
Steve Grubb
sgrubb at redhat.com
Fri Apr 1 14:51:15 UTC 2005
On Friday 01 April 2005 09:34, Stephen Smalley wrote:
> Ok, if you think that this is a real concern, and given that syscall
> auditing is presently disabled by default (requires explicit audit=1
> kernel boot parameter or auditctl -e 1 to enable),
Yes, this was a concern since it possibly changed the behavior of deployed
systems (RHEL4, FC3).
> possibly we should drop the patch to avc_audit for now while still adding it
> to audit_log_exit.
If we go this route, I'd like to push my original patch to get comm and
syscall information in the avc messages. Dan has been wanting an improvement
in that area for quite a while.
-Steve