Re: [PATCH][RFC] Light-weight Auditing Framework

From: Chris Wright
Date: Tue Mar 02 2004 - 19:51:14 EST

Next message: Andrew Morton: "Re: [PATCH] Compile kernel with GCC-3.5 and without regparm"
Previous message: walt: "Re: [2.6.x] USB Zip drive kills ps2 mouse."
In reply to: Rik Faith: "Re: [PATCH][RFC] Light-weight Auditing Framework"
Next in thread: Rik Faith: "Re: [PATCH][RFC] Light-weight Auditing Framework"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Rik Faith (faith@xxxxxxxxxx) wrote:
> > Doesn't seem like CONFIG_AUDIT=n disables all the code.
>
> The bit tests in entry.S are still there, but those are the same tests
> that are used for ptrace, and there is nothing that sets the bits. So,
> aside from that test, all of the code should be disabled.

I think, e.g. the code that calls audit_get/putname is still there.

> Except where noted below, I have either incorporated all your
> suggestions or made notes in the code to do so later. The new patch is
> at: http://people.redhat.com/faith/audit/audit-20040302.1632.patch

Oops, I wasn't clear re: the static initialized data...I just meant to
give a couple examples, there were more:

+static int audit_default = 0;
+static int audit_pid = 0;
+static int audit_rate_limit = 0;
+static int audit_freelist_count = 0;
etc...

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: [PATCH] Compile kernel with GCC-3.5 and without regparm"
Previous message: walt: "Re: [2.6.x] USB Zip drive kills ps2 mouse."
In reply to: Rik Faith: "Re: [PATCH][RFC] Light-weight Auditing Framework"
Next in thread: Rik Faith: "Re: [PATCH][RFC] Light-weight Auditing Framework"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]