On Fri, 2005-03-25 at 09:54 -0500, Stephen Smalley wrote:
> I don't think so; I think all callers of audit_notify_watch() can sleep
> at the point of the call (unlike callers of audit_attach_watch, which
> must not sleep, but that only attaches watches; it doesn't do any audit
> generation). Now for SELinux avc_audit, that would be an issue, because
> it cannot perform blocking allocation or otherwise deal with failures.

Then we should probably be using audit_context.aux for it and reporting
it on syscall exit.
--
dwmw2