[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH] loginuid through procfs (+ a question)



On Sunday 09 January 2005 07:04, Klaus Weidner wrote:
> If the kernel can't reliably access the needed information, the audit
> userspace message function must be modified to work synchronously, so
> that the trusted program doesn't proceed until the kernel had a chance to
> pick up the data.

I'm not sure it needs to block, we just need to collect everything we need in 
1 shot.

> It's definitely a CAPP and LSPP requirement to have the correct user
> identity contained reliably in the audit record. Having it glued together
> in userspace would be acceptable as long as it's transparent to the admin
> and doesn't have problems with log file rollover etc.

Gluing it together in userspace will be low performance and the information 
needed may not be in a log. The patch to collect loginuid in af_netlink is 
probably 6-7 lines, tops. The solution in userspace will require *much* more 
programming and performance will be bad because of having to search for the 
needed info and there's no guarantee the needed info exists.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]