[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: dev information for open, exec?



* Erich Schubert (erich schubert gmail com) wrote:
> The log lines i get look like the following:
> type=KERNEL msg=audit(1109035917.261:14548): item=0
> name=/usr/share/locale/de/LC_MESSAGES/coreutils.mo inode=852010
> dev=00:00
> and the dev=00:00 value is bogus; I never get a different value.

The dev value is actually rdev.  So it's not bogus if you're accessing,
for example, /dev/hda1.  Reasonable question whether that's both
intentional and sufficient.  Given namespace possibilities, I assumed
that dev/ino pair was dumped to uniquely identify the object.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]