On Mon, 2005-01-17 at 13:28 -0600, Timothy R. Chavez wrote:
Although I think this bit is still up for discussion:
Right, and such filtering already exists in the kernel and is mostly,
if not completely, sufficient to meet this goal.
I absolutely agree with this:
What I was getting at is that there may be a desire to do additional
filtering that goes above and beyond what the kernel is capable of
doing. Thus, this is one reason why the audit daemon, and not the
kernel, should be used to write out to the actual log file.
Note though, that the Solaris approach of passing a pipe file descriptor
to the kernel may still be a viable alternative if people REALLY want to
go down this path (wouldn't recommend it though, based on all the
troubles Sun have had with this approach).
L.
--
Leigh Purdie, Director - InterSect Alliance Pty Ltd
http://www.intersectalliance.com/