Re: [RFC] linux-2.6.10-auditfs-tc1.patch
On Monday 24 January 2005 11:29, Casey Schaufler wrote:
> Which capabilities?
- The process capability set
- The set of capabilties that were
actually required
Both? The capabilities required should be cast in concrete and not
configurable. Not sure what value this adds other than a convenience.
- In Irix you can get privilege by
either having the capabilty or by
being root. If you got privilege
not because you have the capability
but because you're root that is
indicated as well.
In linux you can be root and not able to add capabilities or lose capabilities
since you gave up that capability. So, I'm not sure if this is useful in this
situation.
> Yes. The audit program has a format_type
> configuration option so these can be
> written. Send the patch to me or this mail list
> against the latest audit
> daemon code.
Hum. I'll have to see what I can do.
Just write a function similar to format_raw in lib/libaudit.c. Around line 199
in src/auditd-event.c is a switch statement & LF_RAW case. Just add another
case to call your formatting function. The formatting function should malloc
& write to a buffer that the caller will free later. That's all there is to
it.
-Steve