[RFC][PATCH] collect security labels on user processes generating audit messages
Steve Grubb
sgrubb at redhat.com
Wed Feb 15 18:20:50 UTC 2006
On Wednesday 15 February 2006 12:17, Linda Knippers wrote:
> type=PATH msg=audit(1140192875.311:3789): name="(null)" flags=1
> inode=6537222 dev=fd:01 mode=0100664 ouid=501 ogid=501 rdev=00:00
Wait a second...notice the quote marks around (null). When you have a genuine
(null) they are not there.
type=PATH msg=audit(02/14/2006 08:54:27.096:24) : item=1 name=(null)
inode=34681 dev=03:06 mode=dir,700 ouid=root ogid=root rdev=00:00
obj=system_u:object_r:automount_tmp_t:s0
-Steve
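
The distinction pointed out in the message above, as an added example that is not part of the original post: a small parser for PATH records that remembers whether each value was quoted, so a log consumer does not treat `name="(null)"` and `name=(null)` as the same thing. The function names and the returned labels are assumptions of this example; the two sample records are the ones quoted in the message, joined onto single lines.

```python
import re

# Sample input: the two PATH records from the message, each joined onto one line.
QUOTED = ('type=PATH msg=audit(1140192875.311:3789): name="(null)" flags=1 '
          'inode=6537222 dev=fd:01 mode=0100664 ouid=501 ogid=501 rdev=00:00')
BARE = ('type=PATH msg=audit(02/14/2006 08:54:27.096:24) : item=1 name=(null) '
        'inode=34681 dev=03:06 mode=dir,700 ouid=root ogid=root rdev=00:00 '
        'obj=system_u:object_r:automount_tmp_t:s0')

# Record header: type=... msg=audit(<timestamp>:<serial>) followed by a colon.
HEADER = re.compile(r'^type=(\S+) msg=audit\(([^)]*)\)\s*:\s*')
# One field: key="quoted value" or key=bare-token.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_record(line):
    """Return ((type, event_id), {key: (value, was_quoted)}) for one record."""
    head = HEADER.match(line)
    if head is None:
        raise ValueError("not an audit record: %r" % line)
    fields = {}
    for m in FIELD.finditer(line, head.end()):
        if m.group(2) is not None:      # value was inside quote marks
            fields[m.group(1)] = (m.group(2), True)
        else:                           # bare token, no quote marks
            fields[m.group(1)] = (m.group(3), False)
    return (head.group(1), head.group(2)), fields


def classify_name(line):
    """Label the name= field: 'absent', 'null', 'quoted-string' or 'unquoted-other'."""
    _, fields = parse_record(line)
    if "name" not in fields:
        return "absent"
    value, was_quoted = fields["name"]
    if was_quoted:
        # Quote marks present: per the message, not a genuine (null),
        # even when the text between the quotes is "(null)".
        return "quoted-string"
    return "null" if value == "(null)" else "unquoted-other"


if __name__ == "__main__":
    for record in (QUOTED, BARE):
        print(classify_name(record), parse_record(record)[1]["name"])
```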