On Wed, May 17, 2006 at 11:02:49AM -0400, Steve Grubb wrote: > On Wednesday 17 May 2006 10:56, Amy Griffis wrote: > > The userspace programs shouldn't require syscall audit. > > They don't right now, but this proposal would make it so. :)
How would that be? audit_failure lives in audit.c. > > But if the kernel was built without CONFIG_AUDIT, I think ignore would be > > appropriate, and would also follow what the trusted programs are > > currently doing. > > Yes, I just want to make sure we cover that scenario. Rather than use sys/fs > (and add kernel code) you could simply do a call to audit_getstatus and check > the state. Except that audit_getstatus uses netlink. The failure that the app is querying about is a netlink socket failure, so trying to use the netlink socket to determine the failure action wouldn't make a lot of sense. > errno has one of several well known values if syscall audit is not > compiled in. > > -Steve > > -- > redhat-lspp mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/redhat-lspp > -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
