On Friday, October 18, 2013 12:47:23 PM Stephen Quinney wrote:
> I am wanting to use the audit_ftype_to_name function which is provided
> in the audit python module. It seems that this always returns None
> which is not particularly useful.

It shouldn't return that except when there is no match.

> I can see that the function is implemented in lib/lookup_table.c and
> it only does something when the NO_TABLES cpp macro is not defined.

Correct.

> In src/mt/Makefile.am that is defined (with -DNO_TABLES in AM_CFLAGS),
> I assume that is deliberate?

Yes. That location is a private copy recompiled for pthreads use and linked
only to auditd. Auditd has no use for those tables so they are thrown away.

> I can't see any definition of the ftype_i2s function which is called
> by audit_ftype_to_name so maybe this hasn't been implemented yet?

Yes, it has been. However, it's over in lib/libaudit.

It seems to work fine on my system:

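#!/usr/bin/env python
import sys
import audit

# 0o140000 is the S_IFSOCK file-type value (octal), so the lookup should return "socket".
# The 0o prefix and print() are accepted by both Python 2.6+ and Python 3.
name = audit.audit_ftype_to_name(0o140000)
print(name)
sys.exit(0)
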
$ ./test.py
socket