Fwd: Re: Fw: Audit records for start/stop auditd
Steve Grubb
sgrubb at redhat.com
Wed Apr 6 13:59:54 UTC 2005
On Tuesday 05 April 2005 18:19, David Woodhouse wrote:
> Chris and I looked at this and discussed the possibility of adding a
> check in security_task_kill()
Out of curiosity, what about the possibility of augmenting siginfo_t?
siginfo_t {
    int      si_signo;  /* Signal number */
    int      si_errno;  /* An errno value */
    int      si_code;   /* Signal code */
    pid_t    si_pid;    /* Sending process ID */
    uid_t    si_uid;    /* Real user ID of sending process */
    int      si_status; /* Exit value or signal */
    clock_t  si_utime;  /* User time consumed */
    clock_t  si_stime;  /* System time consumed */
    sigval_t si_value;  /* Signal value */
    int      si_int;    /* POSIX.1b signal */
    void *   si_ptr;    /* POSIX.1b signal */
    void *   si_addr;   /* Memory location which caused fault */
    int      si_band;   /* Band event */
    int      si_fd;     /* File descriptor */
    uid_t    si_luid;   /* Login uid */
}
This is actually the cleanest way for the audit daemon. No races, no hanging
around waiting for a message that may never come.
-Steve
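
An added example, not part of the original message or the audit project's code: how a daemon can record who sent it SIGTERM from the fields siginfo_t already carries (si_pid, si_uid) by using an SA_SIGINFO handler. The proposed si_luid is not used because the page only proposes it; struct sender, on_term, install_term_handler and signal_self_and_capture are names made up for this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <stdio.h>
#include <unistd.h>

/* Sender identity copied out of siginfo_t (struct name is this example's own). */
struct sender { int code; pid_t pid; uid_t uid; };
static volatile struct sender last_sender;
static volatile sig_atomic_t got_signal;

/* Handler only copies fields and sets a flag; logging belongs outside it. */
static void on_term(int signo, siginfo_t *info, void *ucontext)
{
    (void)signo; (void)ucontext;
    last_sender.code = info->si_code;
    last_sender.pid = info->si_pid;
    last_sender.uid = info->si_uid;
    got_signal = 1;
}

/* SA_SIGINFO makes the kernel pass siginfo_t to the handler. */
int install_term_handler(void)
{
    struct sigaction sa = { .sa_flags = SA_SIGINFO };
    sa.sa_sigaction = on_term;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGTERM, &sa, NULL);
}

/* Constructed demo: signal ourselves; accept si_pid/si_uid only for process senders. */
int signal_self_and_capture(struct sender *out)
{
    got_signal = 0;
    if (install_term_handler() != 0 || kill(getpid(), SIGTERM) != 0 || !got_signal)
        return -1;
    *out = last_sender;
    return (out->code == SI_USER || out->code == SI_QUEUE) ? 0 : -1;
}

int main(void)
{
    struct sender s;
    if (signal_self_and_capture(&s) != 0)
        return 1;
    printf("SIGTERM from pid=%ld uid=%lu\n", (long)s.pid, (unsigned long)s.uid);
    return 0;
}
```

Because the sender's identity arrives with the signal itself, the daemon does not have to wait for a separate message describing who sent it.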