Re: [RFC][PATCH] loginuid through procfs (+ a question)
On Friday 07 January 2005 16:58, Serge Hallyn wrote:
A related question: On receipt of a AUDIT_USER message, we log the
pid
and uid, but not the loginuid.
You mean in af_netlink.c? That info comes from the netlink credentials.
Is it ok to force the user-space code to search through previous log
entries to determine the correct loginuid, or would we prefer to send
the loginuid in the log entry?
I had no plans to do that. I think if there's a reason that the information is
needed then the kernel should collect it and send it in the audit packet
instead of userspace gluing it together. The critical piece of info may have
occurred before the log starts or in another log if it rotated (recurring
cron job). It just gets messy. Better to collect it if its required. My 2
cents.
-Steve Grubb