Re: Question about max syscall number
On Tuesday 05 August 2008 03:13:14 chuli wrote:
> We allow this because its possible that someone could write a
kernel
> module (maybe not in Linus tree) that adds syscall numbers.
I see. Will it be added in the manual?
I suppose I could add a few words. But I don't want to go too far with this
since I am yet to see a module in the main line that does this. I don't want
to emphasize something that is rare, or only theoretically possible but in
practice doesn't exist.
If I add a syscall whose number is 1000 in x86, such syscall can
also be
auditd.
Sure.
And If I use ausearch -i -sc 1000 to lookup the log, the result is
" syscall=unknown syscall(1000)". Is it should be interpreted in the
manual?
There is no way to intepret it. We don't know what it is.
-Steve