Hi,
Some events, such as execve or socket-related syscalls, generate more than
one message, which I'll separate as the "main" message, and then the
'sub' messages.
Does the audit system guarantee in any way that user-mode will receive
either no message, or all messages for a given event?
I'm curious to know if for example I could get an execve syscall message,
but no cwd message, for example in case of low-memory condition.
Thanks,
Hassan