On Tue, 20 Jun 2006 15:08:53 EDT, Steve said:
> Here is the whole record for root accessing the file
>
> audit(1150830257.233:250): arch=40000003 syscall=5 success=yes exit=3
> a0=9a62398 a1=8000
^^^^
>
> I am not sure why it opens the file as read-only when root opens it...Because when root passes O_RDONLY, the kernel doesn't second-guess and open it read-right....
pgpXxz91KuFvB.pgp
Description: PGP signature
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
