[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH] collect security labels on user processes generating audit messages



This should be a separate thread since the topic is different.

On Wednesday 15 February 2006 11:14, Linda Knippers wrote:
> Amy submitted a patch a while back to eliminate the "name=" field
> to avoid "name=(null)" from the audit records if there was no name
> but I don't think the patch went anywhere.

Right. I want all audit fields to have name=value. If we have %s in the 
message and pass NULL to it, snprintf is already going to put "(null)" so 
what's wrong with just using this precedent?

> It looks like there's a new case (for tty) where "(none)" is used.

Yes for the same reason.


> It would be nice to avoid having this in the audit records, especially
> in this case where the value might never be set on a particular system.

It creates parsing problems without a value. If I saw "tty="  and that's all, 
I'd think the audit system malfunctioned and file a bugzilla. I don't want 
that.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]