On Wednesday 17 May 2006 12:39, Amy Griffis wrote:
> Looking through the code, I see that audit_getname, audit_inode and
> friends do both checks, while the other aux data collectors only check
> !context. Looks like someone should add the second check for those
> also (except maybe audit_avc_path).

I think this was going to be done when the hook functions were changed to an
inline function that checks if audit is enabled before doing the real
function call.

> IIRC, we want the avc path records even when syscall auditing is
> disabled.

True.
-Steve