[PATCH] enable /proc/$$/loginuid
Casey Schaufler
casey at schaufler-ca.com
Mon Jan 17 20:14:11 UTC 2005
--- "Timothy R. Chavez" <chavezt at gmail.com> wrote:
> Right, and such filtering already exists in the
> kernel and is mostly,
> if not completely, sufficient to meet this goal.
> What I was getting
> at is that there may be a desire to do additional
> filtering that goes
> above and beyond what the kernel is capable of
> doing. Thus. this is
> one reason why the audit daemon and not the kernel,
> should be used to
> write out to the actual log file.
Ah, yes. The initial version of SunOS audit
(back in the late 1980's) wrote directly from
the kernel to disk. The lesson was quickly
learned. Log file management, filtering,
notification, and a number of other functions
are much better done in user space code.
=====
Casey Schaufler
casey at schaufler-ca.com
__________________________________
Do you Yahoo!?
All your favorites on one personal page – Try My Yahoo!
http://my.yahoo.com
More information about the Linux-audit
mailing list