[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: syscall filtering on personality

Before we decide to use the pers flag for this, I want to understand personality more.
I added an additional
printf("Personality: %ld\n", personality(0xffffffff));
statement in the test case before you make the call

Before you explicitly set personality to 8 in the test, personality is always=0 whether you compile the test in 64bit or 32bit mode.
Is that the expected behavior? Can you not tell from personality if something was compiled in 32bit vs 64bit mode?


Inactive hide details for Steve Grubb <sgrubb redhat com>Steve Grubb <sgrubb redhat com>

          Steve Grubb <sgrubb redhat com>
          Sent by: linux-audit-bounces redhat com

          03/08/2005 02:34 PM

          Please respond to
          Linux Audit Discussion


Linux Audit Discussion <linux-audit redhat com>



Re: syscall filtering on personality

On Tuesday 08 March 2005 15:18, Debora Velarde wrote:
> So it looks like, if you add a syscall by name to auditctl, it always adds
> only the rule for the 64bit syscall number.

Actually, this should be the syscall number that auditctl was compiled with.

> Should auditctl add both?

I don't think so. How does it know what personalities you want to watch?

> Or  should auditctl use the pers flag to figure out which syscall number to
> add?

How about we make pers take a list? This could be implemented one of 2 ways.
auditctl can generate a rule for each personality. Or with some changes in
the kernel, we can make personality act more like a bit mask so that we don't
have to load as many rules in the kernel.

Userspace can generate a mask or separate rules. Any preferences?


Linux-audit mailing list
Linux-audit redhat com

GIF image

GIF image

GIF image

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]