> > How will this affect audit of chown(2), acl(2)? In particular when
> > the audit trail file is processed on another system, or after a
> > reboot? Will ephermeral uid's be stored in the audit trail file?
> > How will praudit(1M), auditreduce(1M) be changed by this project?
> >
> > Gary..
>
> This change doesn't change any syscalls. All it does is allow a user to
> specify SIDs and then uses the idmap(1M) API to convert those to
> ephemeral IDs.
Right and doesn't it store ephemeral IDs in the audit trail file?
IIRC, ephemeral IDs were never supposed to survive reboots or
be transfered to other systems. Audit trail files can be moved
from the machine on which they were created; they can be processed
after the system has been rebooted. How are ephemeral IDs processed in
those environments? That is, "How will praudit(1M), auditreduce(1M)
be changed by this project?" praudit translates user/group IDs to
user/group names. auditreduce selects files based on fileowner
and or filegroup.
Gary..
