Re: listening to /dev/audit in a pthread program

2007-04-20 Thread Paul Moore
On Friday, April 20 2007 6:35:34 pm paul moore wrote:
> I have a test app that quite happily does an audit_set_pid and then sits
> there reading /dev/audit.
>
> It works fine if it's in the lead thread. But when I run the same code in my
> real app it runs in a different thread. No matter what PID I pass to the
> audit subsystem it complains that nobody is listening.
>
> I did audit_set_pid(getpid...) - no (passes the pid of the manager
> thread)
> I did audit_set_pid(gettid...) - no (passes the pid of the LWP)
>
> (I don't really mean I did gettid - I did syscall(__NR_gettid))
>
> I can see in the complaint message that I have given it the pid I intended
> to.
> I can see in gdb that my LWP id is the same as the one I send to the audit
> subsystem - i.e. gettid worked.
>
> Is this a known issue?

A little more information would be helpful, such as distribution (I'm guessing 
SuSE?), kernel version, audit userspace version, etc.

-Paul The Other One Moore

-- 
paul moore
linux security @ hp

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit


RE: listening to /dev/audit in a pthread program

2007-04-20 Thread paul moore
Sorry

Redhat es4 x86 monoproc
Kernel 2.6.9-34.EL
Audit 1.0.12-1.EL4 
gcc 3.4.5 (redhat's)

-Original Message-
From: Paul Moore [mailto:[EMAIL PROTECTED] 
Sent: Friday, April 20, 2007 3:45 PM
To: paul moore
Cc: linux-audit@redhat.com
Subject: Re: listening to /dev/audit in a pthread program

On Friday, April 20 2007 6:35:34 pm paul moore wrote:
> I have a test app that quite happily does an audit_set_pid and then
> sits there reading /dev/audit.
>
> It works fine if it's in the lead thread. But when I run the same code
> in my real app it runs in a different thread. No matter what PID I
> pass to the audit subsystem it complains that nobody is listening.
>
> I did audit_set_pid(getpid...) - no (passes the pid of the manager
> thread)
> I did audit_set_pid(gettid...) - no (passes the pid of the LWP)
>
> (I don't really mean I did gettid - I did syscall(__NR_gettid))
>
> I can see in the complaint message that I have given it the pid I
> intended to.
> I can see in gdb that my LWP id is the same as the one I send to the
> audit subsystem - i.e. gettid worked.
>
> Is this a known issue?

A little more information would be helpful, such as distribution (I'm
guessing SuSE?), kernel version, audit userspace version, etc.

-Paul The Other One Moore

--
paul moore
linux security @ hp
