Why allow only one auditing consumer?
From: Rusty Lynch
Date: Wed Jun 16 2004 - 13:18:15 EST
It looks like the way the auditing code is using netlink there can only be
one user space process that recieves auditing messages.
Is this correct?
I was looking into using auditing for monitoring the lifetime of a set of
processes, but I don't want my super-init type of component to rule out using
SELinux (or whatever else was planning on consuming auditing messages.)
Assuming I understood the code correctly, would a patch that enabled multiple
auditing consumers be in-line with the goals of the sycall auditing mechanism?
--rusty
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/