[RFC] linux-2.6.10-auditfs-tc1.patch
Steve Grubb
sgrubb at redhat.com
Mon Jan 24 16:48:30 UTC 2005
On Monday 24 January 2005 11:29, Casey Schaufler wrote:
> > Which capabilities?
>
> - The process capability set
> - The set of capabilities that were
> actually required
Both? The capabilities required should be cast in concrete and not
configurable. Not sure what value this adds other than a convenience.
> - In Irix you can get privilege by
> either having the capability or by
> being root. If you got privilege
> not because you have the capability
> but because you're root that is
> indicated as well.
In Linux you can be root and not able to add capabilities or lose capabilities
since you gave up that capability. So, I'm not sure if this is useful in this
situation.
> > Yes. The audit program has a format_type
> > configuration option so these can be
> > written. Send the patch to me or this mail list
> > against the latest audit
> > daemon code.
>
> Hum. I'll have to see what I can do.
Just write a function similar to format_raw in lib/libaudit.c. Around line 199
in src/auditd-event.c is a switch statement & LF_RAW case. Just add another
case to call your formatting function. The formatting function should malloc
& write to a buffer that the caller will free later. That's all there is to
it.
-Steve
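
Added example (not part of the original message, and not auditd code): a sketch of the pattern described above, a formatting function that mallocs and fills a buffer, plus a switch with one case per format whose caller frees the result. Apart from LF_RAW, every name here (LF_KEYVAL, struct sample_event, format_raw_sample, format_keyval, format_event) is hypothetical, and the real format_raw signature is not shown in this message, so a stand-in is used. Escaping control bytes and quotes so each record stays on one line goes beyond what the message asks for.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Every name here except LF_RAW is hypothetical (added illustration). */
enum log_format { LF_RAW, LF_KEYVAL };
struct sample_event { int type; unsigned long serial; const char *msg; };
/* Stand-in for the existing raw formatter: returns a malloc'd copy. */
static char *format_raw_sample(const struct sample_event *e)
{
    char *buf = malloc(strlen(e->msg) + 1);
    return buf ? strcpy(buf, e->msg) : NULL;
}

/* New formatter: worst-case sized, escapes bytes that would split a record. */
static char *format_keyval(const struct sample_event *e)
{
    char head[64];
    int h = snprintf(head, sizeof head, "type=%d serial=%lu msg=\"", e->type, e->serial);
    if (h < 0 || (size_t)h >= sizeof head) return NULL;
    char *buf = malloc((size_t)h + 4 * strlen(e->msg) + 2); /* 4 bytes per escape */
    if (!buf) return NULL;
    memcpy(buf, head, (size_t)h);
    char *p = buf + h;
    for (const char *m = e->msg; *m; m++) {
        unsigned char c = (unsigned char)*m;
        if (c < 0x20 || c == 0x7f || c == '"' || c == '\\') p += sprintf(p, "\\x%02X", (unsigned)c);
        else *p++ = (char)c;
    }
    *p++ = '"'; *p = '\0';
    return buf;
}

/* Dispatch: one case per format. The caller frees the returned buffer. */
char *format_event(enum log_format fmt, const struct sample_event *e)
{
    switch (fmt) {
    case LF_RAW:    return format_raw_sample(e);
    case LF_KEYVAL: return format_keyval(e);
    }
    return NULL;
}

int main(void)
{
    struct sample_event ev = { 1300, 42UL, "ok\nfake=\"1\"" }; /* constructed */
    char *s = format_event(LF_KEYVAL, &ev);
    if (!s) return 1;
    puts(s); free(s);
    return 0;
}
```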