[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [patch] Syscall auditing - move "name=" field to the end



* Ondrej Zary (linux rainbow-software org) wrote:
> This patch moves the "name=" field to the end of audit records. The 
> original placement is bad because it cannot be properly parsed. It is 
> impossible to tell if the name is "/bin/true" or "/bin/true inode=469634 
> dev=00:00" because the "inode=" and "dev=" fields can be omitted.
> 
> Before:
> audit(1111008486.824:89346): item=0 name=/bin/true inode=469634 dev=00:00
> 
> After:
> audit(1111008486.824:89346): item=0 inode=469634 dev=00:00 name=/bin/true
> 
> Signed-off-by: Ondrej Zary <linux rainbow-software org>

Looks reasonable.  Thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]