Re: [PATCH 1/1] Added exe field to audit core dump signal log

2013-11-20 Thread Richard Guy Briggs
On Thu, Nov 14, 2013 at 08:56:57AM +0530, Paul Davies C wrote: Currently when the coredump signals are logged by the audit system, the actual path to the executable is not logged. Without details of exe, the system admin may not have an exact idea on what program failed. This patch changes

Re: [PATCH 1/1] Added exe field to audit core dump signal log

2013-11-20 Thread Richard Guy Briggs
On Wed, Nov 20, 2013 at 02:07:58PM -0800, William Roberts wrote: On Wed, Nov 20, 2013 at 2:03 PM, William Roberts bill.c.robe...@gmail.com wrote: On Wed, Nov 20, 2013 at 1:47 PM, Richard Guy Briggs r...@redhat.com wrote: On Thu, Nov 14, 2013 at 08:56:57AM +0530, Paul Davies C wrote: +

[PATCH 3/4] audit: dont allocate whole pages

2013-11-20 Thread William Roberts
Rather than caching whole pages, use kmalloc to potentially cache a smaller size. Change-Id: I9fb749dc2bdac506d1bc6f2259fbbdeeec87b298 Signed-off-by: William Roberts wrobe...@tresys.com --- fs/proc/base.c | 93 +++ include/linux/proc_fs.h |

[PATCH 2/4] audit: Enable cacheing of cmdline in audit_context

2013-11-20 Thread William Roberts
Rather than reading from userspace on every call, cache the page in the audit_context and couple to that object's life-cycle. Change-Id: Ia0d432bc4aba8588840f0dc0026a1e9483e5b485 Signed-off-by: William Roberts wrobe...@tresys.com --- kernel/auditsc.c | 48

[DRAFT v3.4] - audit cmdline updates

2013-11-20 Thread William Roberts
Changes since last publish: * Ran all patches through checkpatch, some eluded me. * Changed cmdline copy/length API to reduce task_mm_get() mmput() calls Still need to know: * Any major objections to this still? * My public API changes are in proc, is this the best spot for those? As always,

[PATCH 1/4] audit: Allow auditing of proc/self/cmdline value

2013-11-20 Thread William Roberts
Audit records will now contain a new field, cmdline. This is the value that is stored in proc/self/cmdline, and is useful for debugging when processes are being run via VMs. A primary example of this is Android, in which package names are set in this location, and thread names are set via

[PATCH 4/4] SQUASH audit: Change cmdline get API to reduce locking

2013-11-20 Thread William Roberts
Each call to length copy required a call to get_task_mm() and mmput. Just require the caller to acquire and pass a valid mm. Change-Id: Id7069b80f1cbea5b30032a0a459dd54b7446f665 Signed-off-by: William Roberts wrobe...@tresys.com --- fs/proc/base.c | 63

Re: [DRAFT v3.4] - audit cmdline updates

2013-11-20 Thread William Roberts
Also, updating to a master kernel now, to try and publish relative to that. On Wed, Nov 20, 2013 at 5:29 PM, William Roberts bill.c.robe...@gmail.com wrote: Changes since last publish: * Ran all patches through checkpatch, some eluded me. * Changed cmdline copy/length API to reduce

Re: [PATCH 1/1 v1] Added exe field to audit core dump signal log

2013-11-20 Thread Paul Davies C
This patch addresses the issue of disappearing exe field that was raised by William in the previous discussion on this patch. On Thursday 21 November 2013 07:43 AM, Paul Davies C wrote: Currently when the coredump signals are logged by the audit system, the actual path to the executable is

File system watches not supported with auditctl 1.0.12 / kernel 2.6.32

2013-11-20 Thread Aaron Lewis
Hi, I'm running Red Hat Enterprise Linux AS release 4 (Nahant Update 3) With a customized kernel version 2.6.32. And auditctl version 1.0.12 When I run auditctl -l, I got the following error: # auditctl -l No rules File system watches not supported What options could be missing in my kernel

[PATCH 1/1 v2] Added exe field to audit core dump signal log

2013-11-20 Thread Paul Davies C
Currently when the coredump signals are logged by the audit system, the actual path to the executable is not logged. Without details of exe, the system admin may not have an exact idea on what program failed. This patch changes the audit_log_task() so that the path to the exe is also logged.

Re: [PATCH 1/1 v2] Added exe field to audit core dump signal log

2013-11-20 Thread Paul Davies C
Resending the patch since I forgot to add the brackets around null in v1. On Thursday 21 November 2013 08:14 AM, Paul Davies C wrote: Currently when the coredump signals are logged by the audit system, the actual path to the executable is not logged. Without details of exe, the system admin