On Friday 22 September 2006 13:38, Paul Moore wrote: > In order to meet certain certification requirements, the NetLabel kernel > subsystem needs to write a small number of audit messages.
What are the requirements you are addressing? (I have a feeling that its similar to what we have to do to file systems.) > For the messages themselves, here is what I was thinking: > > "netlabel: <protocol> op=<operation> pid=<pid> tty=<tty> comm=<name> > exe=<path> uid=<uid> auid=<auid> euid=<euid> suid=<suid> > fsuid=<fsuid> gid=<gid> egid=<euid> sgid=<suid> > fsgid=<fsuid> [<cipsov4 extras>|<managment extras>]" This look very much like a syscall record...would it make sense to do this as an aux record? -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
