Re: syscall filtering on personality

Before we decide to use the pers flag for this, I want to understand personality more. I added an additional printf("Personality: %ld\n", personality(0xffffffff)); statement in the test case before you make the call personality(0x08); Before you explicitly set personality to 8 in the test, personality is always=0 whether you compile the test in 64bit or 32bit mode. Is that the expected behavior? Can you not tell from personality if something was compiled in 32bit vs 64bit mode? -debbie Steve Grubb <sgrubb(a)redhat.co m> To Sent by: Linux Audit Discussion linux-audit-bounc <linux-audit(a)redhat.com&gt; es(a)redhat.com cc Subject 03/08/2005 02:34 Re: syscall filtering on PM personality Please respond to Linux Audit Discussion On Tuesday 08 March 2005 15:18, Debora Velarde wrote: adds Actually, this should be the syscall number that auditctl was compiled with. I don't think so. How does it know what personalities you want to watch? to How about we make pers take a list? This could be implemented one of 2 ways. auditctl can generate a rule for each personality. Or with some changes in the kernel, we can make personality act more like a bit mask so that we don't have to load as many rules in the kernel. Userspace can generate a mask or separate rules. Any preferences? -Steve -- Linux-audit mailing list Linux-audit(a)redhat.com http://www.redhat.com/mailman/listinfo/linux-audit