Hi all:
I found a bug: the auvirt process generates a coredump when there is no file
named audit.log, in the case where /var/log/audit/audit.log was removed by
someone.
I made a patch to solve this problem.
Index: auparse/auparse.c
===
---
Historically, when a syscall that creates a dentry fails, you get an audit
record that looks something like this (when trying to create a file named
"new" in "/tmp/tmp.SxiLnCcv63"):
type=PATH msg=audit(1366128956.279:965): item=0
name="/tmp/tmp.SxiLnCcv63/new" inode=2138308 dev=fd:02 mode=040
...to make it clear what the intent behind each record's operation was.
In many cases you can infer this, based on the context of the syscall
and the result. In other cases it's not so obvious. For instance, in
the case where you have a file being renamed over another, you'll have
two different re
What kernel are these patches against?
On Tue, 2013-05-07 at 10:20 +0800, Gao feng wrote:
> This patchset tries to add namespace support for audit.
>
> I choose to assign audit to the user namespace.
> Right now, there are six kinds of namespaces, such as
> net, mount, ipc, pid, uts and user. The f
The old audit PATH records for mq_open looked like this:
type=PATH msg=audit(1366282323.982:869): item=1 name=(null) inode=6777
dev=00:0c mode=041777 ouid=0 ogid=0 rdev=00:00
obj=system_u:object_r:tmpfs_t:s15:c0.c1023
type=PATH msg=audit(1366282323.982:869): item=0 name="test_mq" inode=26732
dev=0
On Tue, May 07, 2013 at 10:20:31AM +0800, Gao feng wrote:
> It's better to define audit_ever_enabled as bool
>
> Signed-off-by: Gao feng
> ---
> kernel/audit.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 4595a9e..1138ff5 10064
On Tue, May 07, 2013 at 10:20:30AM +0800, Gao feng wrote:
> diff --git a/include/linux/audit.h b/include/linux/audit.h
> index 684599b..33e6584 100644
> --- a/include/linux/audit.h
> +++ b/include/linux/audit.h
> @@ -441,7 +441,8 @@ extern int audit_filter_type(int type);
> extern int audit_recei
This patchset tries to add namespace support for audit.
I choose to assign audit to the user namespace.
Right now, there are six kinds of namespaces, such as
net, mount, ipc, pid, uts and user. The first five
namespaces have special usage. The audit isn't suitable to
belong to these five namespaces,
On 05/09/2013 12:55 AM, Eric Paris wrote:
> What kernel are these patches against?
>
This patchset is based on Linus's tree.
The last commit is d7ab7302f970a254997687a1cdede421a5635c68
(Merge tag 'mfd-3.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/same)
Thanks
Gao
--
Linux-audit maili
On Wednesday, May 08, 2013 06:53:15 PM 车烈权 wrote:
> I found a bug: the auvirt process generates a coredump when there is no file
> named audit.log, in the case where /var/log/audit/audit.log was removed by
> someone.
>
> I made a patch to solve this problem.
Applied. Thanks!
-Steve