[redhat-lspp] RFC: Possible Audit Failure Design Change
Amy Griffis
amy.griffis at hp.com
Wed May 17 17:19:21 UTC 2006
On Wed, May 17, 2006 at 11:02:49AM -0400, Steve Grubb wrote:
> On Wednesday 17 May 2006 10:56, Amy Griffis wrote:
> > The userspace programs shouldn't require syscall audit.
>
> They don't right now, but this proposal would make it so. :)
How would that be? audit_failure lives in audit.c.
> > But if the kernel was built without CONFIG_AUDIT, I think ignore would be
> > appropriate, and would also follow what the trusted programs are
> > currently doing.
>
> Yes, I just want to make sure we cover that scenario. Rather than use sys/fs
> (and add kernel code) you could simply do a call to audit_getstatus and check
> the state.
Except that audit_getstatus uses netlink. The failure that the app is
querying about is a netlink socket failure, so trying to use the
netlink socket to determine the failure action wouldn't make a lot of
sense.
> errno has one of several well known values if syscall audit is not
> compiled in.
>
> -Steve
>
> --
> redhat-lspp mailing list
> redhat-lspp at redhat.com
> https://www.redhat.com/mailman/listinfo/redhat-lspp
>
More information about the redhat-lspp
mailing list