On Wed, Apr 18, 2007 at 12:09:50PM -0400, Steve Grubb wrote: > Hi, > > I have been working on some code that detects abnormal events based on > audit system events. One kind of event that we currently have no visibility > for is > when a program terminates due to segfault - which should never happen on a > production machine. And if it did, you'd want to investigate it. Attached is a > patch that collects these events and sends them into the audit system. > > Signed-off-by: Steve Grubb <[EMAIL PROTECTED]>
I'd suggest taking that into a separate function somewhere in kernel/audit*.c; no need to clutter fs/exec.c with it. Leave if (unlikely(audit_enabled)) in inlined wrapper as usual, pass signr as argument... -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
