[PATCH] cleanups + fixes against audit.56
Timothy R. Chavez
tinytim at us.ibm.com
Wed Jun 15 20:44:35 UTC 2005
On Wednesday 15 June 2005 15:36, Timothy R. Chavez wrote:
>
> Rik's hook can only give back the _relevant_ information the system call was able
> to use when deciding its courses of action. In some cases that's the parent and
> in others it's the child.
>
> I think we're abusing the original purpose of the hook.
Rather, misunderstanding..
I think the only confusing part of the hook is that path= returns the path of the
file in question, always, but the rest of the information is in regards to whatever
inode was needed in making a decision on what to do. If the inode belonging to
the file was not important (or not available) to make a decision with, then its not
going to be reported.
-tim
More information about the Linux-audit
mailing list