On Mon, Jan 6, 2014 at 9:00 PM, William Roberts wrote:
> During an audit event, cache and print the value of the process's
> cmdline value (proc//cmdline). This is useful in situations
> where processes are started via fork'd virtual machines where the
> comm field is incorrect. Often times, setti
On 14/01/14, William Roberts wrote:
> The race was non existent. I had the VMA locked. I switched to this to keep
> the code that gets the cmdline value almost unchanged to try and reduce
> bugs. I can still author a patch on top of this later to optimize. However
> the buffer is smaller. Before it
This bounced LKML, re-sending. My phone sent it as HTML
On Tue, Jan 14, 2014 at 7:50 PM, William Roberts
wrote:
> The race was non existent. I had the VMA locked. I switched to this to keep
> the code that gets the cmdline value almost unchanged to try and reduce
> bugs. I can still author a patc
The race was non existent. I had the VMA locked. I switched to this to keep
the code that gets the cmdline value almost unchanged to try and reduce
bugs. I can still author a patch on top of this later to optimize. However
the buffer is smaller. Before it was page size, now its path maxiirc is
On 14/01/06, William Roberts wrote:
> During an audit event, cache and print the value of the process's
> cmdline value (proc//cmdline). This is useful in situations
> where processes are started via fork'd virtual machines where the
> comm field is incorrect. Often times, setting the comm field st
I can't comment on the concept, but have one nit.
On Mon, Jan 06, 2014 at 07:30:30AM -0800, William Roberts wrote:
> +static void audit_log_cmdline(struct audit_buffer *ab, struct task_struct
> *tsk,
> + struct audit_context *context)
> +{
> + int res;
> + char *buf;
On Mon, Jan 6, 2014 at 9:08 AM, Mateusz Guzik wrote:
> I can't comment on the concept, but have one nit.
FYI: The concept is something that has been in the works and at least ackd on
by the current maintainer of audit:
http://marc.info/?l=linux-kernel&m=138660320704580&w=2
>
> On Mon, Jan 06, 20
During an audit event, cache and print the value of the process's
cmdline value (proc//cmdline). This is useful in situations
where processes are started via fork'd virtual machines where the
comm field is incorrect. Often times, setting the comm field still
is insufficient as the comm width is not
During an audit event, cache and print the value of the process's
cmdline value (proc//cmdline). This is useful in situations
where processes are started via fork'd virtual machines where the
comm field is incorrect. Often times, setting the comm field still
is insufficient as the comm width is not
On Mon, Dec 02, 2013 at 01:10:39PM -0800, William Roberts wrote:
> During an audit event, cache and print the value of the process's
> cmdline value (proc//cmdline). This is useful in situations
> where processes are started via fork'd virtual machines where the
> comm field is incorrect. Often tim
During an audit event, cache and print the value of the process's
cmdline value (proc//cmdline). This is useful in situations
where processes are started via fork'd virtual machines where the
comm field is incorrect. Often times, setting the comm field still
is insufficient as the comm width is not
11 matches
Mail list logo
