Re: [PATCH] enable /proc/$$/loginuid
On Monday 17 January 2005 11:50, Inder Kumar wrote:
Move loginuid(accountability information) to the task_struct. Why
are
you using "loginuid" for accountability ?
We need to know who they logged in as. Some people login and then do 'su root'
and perform actions. We need to know who root logged in as.
What if two different users login using the same "loginuid"
?
I suppose they are considered the same person.
Also, what is the advantage of using NETLINK sockets?
Its a way of getting kernel information to userspace.
It looks like the information is passed to user-space for no-reason.
The same information will be passed back to the kernel by the
syslog routines.
Actually, the audit subsystem decides where to send things - to special daemon
or syslog. The information is being passed to userspace for a reason. Some
installations require it has to be logged with great care. Syslog does not
meet the requirements for those users.
What is the point in doing such processing. Why are you not writing
records directly from the kernel to the audit file?
That's what the userspace daemon does.
-Steve Grubb