On Fri, 2007-01-26 at 17:46 -0600, Timothy R. Chavez wrote: > Yep, I was referring to last reference to opened file. > > I'd hate to suggest adding a field to the file like "opened_as" which would > store the original fd it was assigned, but that would be enough to associate > the open() record and the final "close" record.
fd1 = open(...); ptr1 = mmap(fd1, ...); close(fd1); fd2 = open(...); assert(fd1 == fd2); ptr2 = mmap(fd2, ...); close(fd2); munmap(ptr1, ...); munmap(ptr2, ...); ...what should appear in the logs here? How are you going to tell which fd each munmap() belongs to? Maybe you mean "log inode/device for the file" and not "original fd", and then if/when you get confused it doesn't matter? -- James Antill <[EMAIL PROTECTED]>
signature.asc
Description: This is a digitally signed message part
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
