[PATCH] audit: use audit_log_task_info in audit_core_dumps and __audit_seccomp
Richard Guy Briggs
rgb at redhat.com
Tue Jan 14 19:07:26 UTC 2014
On 14/01/14, Steve Grubb wrote:
> On Monday, January 13, 2014 09:56:35 PM Eric Paris wrote:
> > It seems that reusing the task info pattern throughout records should
> > allow for faster simpler more streamlined userspace records parsing, but
> > changing order like this might be a deal breaker.
>
> Have you tried using the ausearch test suite? I published it so that it can be
> found out what all these patches will do to the stability of user space. I'd
> delete your logs, reboot into test kernel, generate as many kind of events as
> possible, then extract the logs and test with the test suite.
Do you have a script of rules and a script of commands to accomplish the
"generate as many kind of events as possible"?
> -Steve
- RGB
--
Richard Guy Briggs <rbriggs at redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
More information about the Linux-audit
mailing list