[PATCH] audit syscall classes
Steve Grubb
sgrubb at redhat.com
Tue Aug 22 14:33:52 UTC 2006
On Saturday 01 July 2006 07:53, Alexander Viro wrote:
> +#define AUDIT_SYSCALL_CLASSES 16
> +#define AUDIT_CLASS_DIR_WRITE 0
> +#define AUDIT_CLASS_DIR_WRITE_32 1
> +#define AUDIT_CLASS_CHATTR 2
> +#define AUDIT_CLASS_CHATTR_32 3
Hello,
I'm working on the auditctl support for this right now. The requirements are
simply: read, write, execute, and attribute change. How do I get it from the
above? I don't see anything for reads or execute. Also, why is DIR in the
name of writes? Is this limited to notification of DIRS?
Thanks,
-Steve
More information about the Linux-audit
mailing list