[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH] auditfs userspace



On Monday 07 March 2005 18:00, Timothy R. Chavez wrote:
> Here's the userspace patch for audit-0.6.5 -- It doesn't work as is.
>
> So please break..er test my code :)

Shouldn't these defines come from the kernel header?

diff -Nurp audit-0.6.5/src/auditctl.c audit-0.6.5-scratch/src/auditctl.c
--- audit-0.6.5/src/auditctl.c  2005-03-03 10:11:00.000000000 -0600
+++ audit-0.6.5-scratch/src/auditctl.c  2005-03-07 15:56:19.000000000 -0600
@@ -49,6 +49,14 @@
  */
 #define LINE_SIZE 1600

+#define WATCH_MAY_EXEC         1
+#define WATCH_MAY_WRITE                2
+#define WATCH_MAY_READ         4
+#define WATCH_MAY_APPEND       8
+
+#define WATCH_NAME             1
+#define WATCH_FILTERKEY                2
+#define WATCH_PERMS            3


Also, just a little design comment, do we really need to have an enable for fs 
auditing? Isn't there an implicit enabling by virtue of either having watches 
or not having them?

Also, should there be a #ifdef CONFIG_AUDITFILESYSTEM? Shouldn't it be part of 
the audit system? The audit ipc patch, for example, didn't declare itself 
separately configurable.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]