Why allow only one auditing consumer?

From: Rusty Lynch
Date: Wed Jun 16 2004 - 13:18:15 EST

Next message: Dimitri Sivanich: "Re: [PATCH]: Option to run cache reap in thread mode"
Previous message: Stas Sergeev: "[patch][rfc] expandable anonymous shared mappings"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It looks like the way the auditing code is using netlink there can only be
one user space process that recieves auditing messages.

Is this correct?

I was looking into using auditing for monitoring the lifetime of a set of
processes, but I don't want my super-init type of component to rule out using
SELinux (or whatever else was planning on consuming auditing messages.)

Assuming I understood the code correctly, would a patch that enabled multiple
auditing consumers be in-line with the goals of the sycall auditing mechanism?

--rusty

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dimitri Sivanich: "Re: [PATCH]: Option to run cache reap in thread mode"
Previous message: Stas Sergeev: "[patch][rfc] expandable anonymous shared mappings"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]