David Woodhouse wrote:
Perhaps I misunderstand the intent of userspace AUDIT_WRITE. Can you
provide examples of why you _wouldn't_ want to let a dæmon which is
already sending random unvetted AUDIT_WRITE messages also specify the
loginuid on _those_ messages?
The loginuid is part of the process state. This is the reason you do not
want to write out this information from a userspace application, as the
process state portions of the audit record are recorded by the kernel.
-Chad