* Erich Schubert (erich.schubert(a)gmail.com) wrote:
> The log lines I get look like the following:
> type=KERNEL msg=audit(1109035917.261:14548): item=0
> name=/usr/share/locale/de/LC_MESSAGES/coreutils.mo inode=852010
> dev=00:00
> and the dev=00:00 value is bogus; I never get a different value.

The dev value is actually rdev. So it's not bogus if you're accessing,
for example, /dev/hda1. Reasonable question whether that's both
intentional and sufficient. Given namespace possibilities, I assumed
that dev/ino pair was dumped to uniquely identify the object.
thanks,
-chris
--
Linux Security Modules
http://lsm.immunix.org http://lsm.bkbits.net
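
Added example, not part of the original thread: a Python sketch that parses the record quoted above and shows why a field filled from rdev reads 00:00 for a regular file, while st_dev (the device of the containing filesystem) is what pairs with the inode number. The helper names and the two-digit hex major:minor rendering are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

# Audit record quoted in the thread, joined onto one line.
RECORD = ("type=KERNEL msg=audit(1109035917.261:14548): item=0 "
          "name=/usr/share/locale/de/LC_MESSAGES/coreutils.mo "
          "inode=852010 dev=00:00")


def parse_item(record):
    """Split an audit record into its key=value fields."""
    return dict(re.findall(r"(\w+)=(\S+)", record))


def fmt(devnum):
    """Render a device number as major:minor (two-digit hex is an assumption)."""
    return "%02x:%02x" % (os.major(devnum), os.minor(devnum))


def dev_fields(path):
    """Return both device numbers stat() reports for path."""
    st = os.stat(path)
    return {
        "inode": st.st_ino,
        "st_dev": fmt(st.st_dev),    # filesystem that holds the inode
        "st_rdev": fmt(st.st_rdev),  # device the node refers to, if any
        "is_device": stat.S_ISCHR(st.st_mode) or stat.S_ISBLK(st.st_mode),
    }


def names_device_node(fields):
    """True when the logged dev (an rdev) is non-zero, i.e. a device node."""
    return fields.get("dev", "00:00") != "00:00"


if __name__ == "__main__":
    logged = parse_item(RECORD)
    print("logged:", logged["name"], "inode", logged["inode"], "dev", logged["dev"])
    with tempfile.NamedTemporaryFile() as tmp:  # constructed regular file
        print("regular file:", dev_fields(tmp.name))
    print(os.devnull, dev_fields(os.devnull))
```

Inode numbers are unique only within one filesystem, so a record carrying an inode plus a zero rdev cannot by itself tell two files on different mounts apart.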