Re: watch structure
On Mon, 2005-04-04 at 16:46 -0400, Steve Grubb wrote:
struct audit_watch {
uint32_t namelen;
uint32_t fklen;
char name[MAX_PATH];
char filterkey[MAX_KEY_LEN];
uint32_t perms;
};
Then the structure can be used bi-directionally. Which brings up another
point...when the watch is being sent into the kernel, what guarantee do we
have that the app doesn't dissappear by the time the netlink packet is
dispositioned and the pointers dereferenced?
The structure could just define the length and perms fields, then put a
char buf[0]; at the end to allow referencing of watch->buf, and just
include the two strings immediately after the structure when creating
it. Kernel can then extract them appropriately based on the lengths.
No need to reserve fixed size fields for them.
BTW, using separate structures for the kernel-userspace interface versus
internal use is a good idea; it lets you evolve the internals without
creating userspace compatibility problems.
--
Stephen Smalley <sds(a)tycho.nsa.gov>
National Security Agency