[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] audit syscall classes



On Saturday 01 July 2006 07:53, Alexander Viro wrote:
> +#define AUDIT_SYSCALL_CLASSES 16
> +#define AUDIT_CLASS_DIR_WRITE 0
> +#define AUDIT_CLASS_DIR_WRITE_32 1
> +#define AUDIT_CLASS_CHATTR 2
> +#define AUDIT_CLASS_CHATTR_32 3

Hello,

I'm working on the auditctl support for this right now. The requirements are 
simply: read, write, execute, and attribute change. How do I get it from the 
above? I don't see anything for reads or execute. Also, why is DIR in the 
name of writes? Is this limited to notification of DIRS?

Thanks,
-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]