[RFC][PATCH] (#6 U1) the latest incarnation
David Woodhouse
dwmw2 at infradead.org
Fri Mar 25 15:11:55 UTC 2005
On Fri, 2005-03-25 at 09:54 -0500, Stephen Smalley wrote:
> I don't think so; I think all callers of audit_notify_watch() can sleep
> at the point of the call (unlike callers of audit_attach_watch, which
> must not sleep, but that only attaches watches; it doesn't do any audit
> generation). Now for SELinux avc_audit, that would be an issue, because
> it cannot perform blocking allocation or otherwise deal with failures.
Then we should probably be using audit_context.aux for it and reporting
it on syscall exit.
--
dwmw2
More information about the Linux-audit
mailing list