* Steve Grubb (sgrubb(a)redhat.com) wrote:
On Wednesday 27 April 2005 16:36, Steve Grubb wrote:
> > > + if (unlikely(audit_pid && t->pid == audit_pid)) {
> > > + if (sig == SIGTERM || sig == SIGKILL) {
>
> > Any reason this should be unavailable when syscall auditing is off?
I'm pretty sure I mis-read your question. Can you elaborate?
That code is not compiled when CONFIG_AUDITSYSCALL=n. When I wrote that,
I didn't think syscall auditing would be requirement for this feature
(but, then again in that case the audit_context is non-existant, and
the loginuid is not there, and the whole point of this thing is perhaps
moot...)
thanks,
-chris
--
Linux Security Modules
http://lsm.immunix.org http://lsm.bkbits.net