Re: [patch] Syscall auditing - move "name=" field to the end

From: Chris Wright
Date: Wed Mar 16 2005 - 17:44:58 EST

Next message: Sean Neakums: "Re: 2.6.11-mm4"
Previous message: J.A. Magallon: "Re: 2.6.11-mm4"
In reply to: Ondrej Zary: "[patch] Syscall auditing - move "name=" field to the end"
Next in thread: David Woodhouse: "Re: [patch] Syscall auditing - move "name=" field to the end"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Ondrej Zary (linux@xxxxxxxxxxxxxxxxxxxx) wrote:
> This patch moves the "name=" field to the end of audit records. The
> original placement is bad because it cannot be properly parsed. It is
> impossible to tell if the name is "/bin/true" or "/bin/true inode=469634
> dev=00:00" because the "inode=" and "dev=" fields can be omitted.
>
> Before:
> audit(1111008486.824:89346): item=0 name=/bin/true inode=469634 dev=00:00
>
> After:
> audit(1111008486.824:89346): item=0 inode=469634 dev=00:00 name=/bin/true
>
> Signed-off-by: Ondrej Zary <linux@xxxxxxxxxxxxxxxxxxxx>

Looks reasonable. Thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Sean Neakums: "Re: 2.6.11-mm4"
Previous message: J.A. Magallon: "Re: 2.6.11-mm4"
In reply to: Ondrej Zary: "[patch] Syscall auditing - move "name=" field to the end"
Next in thread: David Woodhouse: "Re: [patch] Syscall auditing - move "name=" field to the end"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]