Hello,
The way that the watch list is passed back currently is a string. This
diminishes its usefulness. The way it should really be passed back is in a
structure. This allows each part to have meaning (without parsing) and be
formatted in userspace as needed. The only problem is the structure is
defined as follows:

    struct audit_watch {
            uint32_t namelen;
            uint32_t fklen;
            char *name;
            char *filterkey;
            uint32_t perms;
    };

name and filterkey are pointers. If we changed the structure to this:

    struct audit_watch {
            uint32_t namelen;
            uint32_t fklen;
            char name[MAX_PATH];
            char filterkey[MAX_KEY_LEN];
            uint32_t perms;
    };

Then the structure can be used bi-directionally. Which brings up another
point...when the watch is being sent into the kernel, what guarantee do we
have that the app doesn't disappear by the time the netlink packet is
dispositioned and the pointers dereferenced?
-Steve
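
The pointer-free layout proposed in the message above, sketched as an added example that is not part of the original post or of the audit code: the sender copies the strings into the message, and the receiver checks the size and both length fields before using anything. The values of MAX_PATH and MAX_KEY_LEN and the helpers watch_pack and watch_validate are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Assumed sizes: the post names these constants but gives no values. */
#define MAX_PATH    4096
#define MAX_KEY_LEN 32

/* Flat layout from the post: no pointers, so the same bytes are
 * meaningful on either side of the netlink socket. */
struct audit_watch {
    uint32_t namelen;
    uint32_t fklen;
    char     name[MAX_PATH];
    char     filterkey[MAX_KEY_LEN];
    uint32_t perms;
};

/* Sender side (hypothetical helper): copy the strings into the message.
 * Lengths exclude the terminating NUL. Returns 0, or -1 if too long. */
int watch_pack(struct audit_watch *w, const char *name,
               const char *key, uint32_t perms)
{
    size_t nlen = strlen(name), klen = strlen(key);

    if (nlen >= MAX_PATH || klen >= MAX_KEY_LEN)
        return -1;
    memset(w, 0, sizeof(*w));   /* no stale memory crosses the boundary */
    memcpy(w->name, name, nlen);
    memcpy(w->filterkey, key, klen);
    w->namelen = (uint32_t)nlen;
    w->fklen   = (uint32_t)klen;
    w->perms   = perms;
    return 0;
}

/* Receiver side (hypothetical helper): trust nothing in the payload.
 * buf must be suitably aligned for struct audit_watch. */
int watch_validate(const void *buf, size_t buflen)
{
    const struct audit_watch *w = buf;

    if (buflen != sizeof(*w))
        return -1;
    if (w->namelen >= MAX_PATH || w->fklen >= MAX_KEY_LEN)
        return -1;
    /* The first NUL must sit exactly at the declared length. */
    if (memchr(w->name, '\0', MAX_PATH) != w->name + w->namelen ||
        memchr(w->filterkey, '\0', MAX_KEY_LEN) != w->filterkey + w->fklen)
        return -1;
    return 0;
}
```

Because the strings travel inside the message, nothing on the receiving side refers back to the sender's address space after the packet is queued.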