[redhat-lspp] RFC: Possible Audit Failure Design Change
Steve Grubb
sgrubb at redhat.com
Wed May 17 15:02:49 UTC 2006
On Wednesday 17 May 2006 10:56, Amy Griffis wrote:
> The userspace programs shouldn't require syscall audit.
They don't right now, but this proposal would make it so. :)
> But if the kernel was built without CONFIG_AUDIT, I think ignore would be
> appropriate, and would also follow what the trusted programs are
> currently doing.
Yes, I just want to make sure we cover that scenario. Rather than use sys/fs
(and add kernel code) you could simply do a call to audit_getstatus and check
the state. errno has one of several well known values if syscall audit is not
compiled in.
-Steve
More information about the redhat-lspp
mailing list