On Thursday 01 November 2007 01:23:24 pm Tony Jones wrote:
> > We are looking into this - at one time it did. Someone should follow up
> > with a path correcting this soon. But I doubt the audit system will work
> > correctly if the flag gets removed as there is no good way to add it
> > again late
On Thu, Nov 01, 2007 at 10:33:52AM -0400, Steve Grubb wrote:
> On Monday 29 October 2007 07:15:30 pm Tony Jones wrote:
> > On Mon, Oct 29, 2007 at 06:04:31PM -0400, Steve Grubb wrote:
> > > So when audit is re-enabled, how do you make that task auditable?
> >
> > No idea. How do you do it currently
On Monday 29 October 2007 07:15:30 pm Tony Jones wrote:
> On Mon, Oct 29, 2007 at 06:04:31PM -0400, Steve Grubb wrote:
> > So when audit is re-enabled, how do you make that task auditable?
>
> No idea. How do you do it currently? HINT: current->audit_context == NULL
> for these tasks. If !audit_en
On Mon, Oct 29, 2007 at 06:04:31PM -0400, Steve Grubb wrote:
> If the child does not have the TIF_SYSCALL_AUDIT flag, it never goes into
> audit_syscall_entry. It becomes unauditable.
True but a task where current->audit_context == NULL is going to immediately
BUG out in audit_syscall_entry. Thi
On Monday 29 October 2007 01:20:58 pm Tony Jones wrote:
> > The problem is that removing that flag makes the children unauditable in
> > the future. The only place that flag gets set is during fork.
>
> I don't see this.
If the child does not have the TIF_SYSCALL_AUDIT flag, it never goes into
au
On Sat, Oct 27, 2007 at 10:21:39AM -0400, Steve Grubb wrote:
> On Friday 26 October 2007 04:42:28 pm Tony Jones wrote:
> > Thread flag TIF_SYSCALL_AUDIT is not cleared for new children when audit
> > context creation has been disabled (auditctl -e0). This can cause new
> > children forked from a pa
On Friday 26 October 2007 04:42:28 pm Tony Jones wrote:
> Thread flag TIF_SYSCALL_AUDIT is not cleared for new children when audit
> context creation has been disabled (auditctl -e0). This can cause new
> children forked from a parent created when audit was enabled to not take
> the fastest syscall
* Tony Jones ([EMAIL PROTECTED]) wrote:
> From: Tony Jones <[EMAIL PROTECTED]>
> Minor performance enhancement.
>
> Thread flag TIF_SYSCALL_AUDIT is not cleared for new children when audit
> context creation has been disabled (auditctl -e0). This can cause new
> children
> forked from a parent
From: Tony Jones <[EMAIL PROTECTED]>
Minor performance enhancement.
Thread flag TIF_SYSCALL_AUDIT is not cleared for new children when audit
context creation has been disabled (auditctl -e0). This can cause new children
forked from a parent created when audit was enabled to not take the fastest
9 matches
Mail list logo
