Re: [RFC][PATCH 3/3] audit: Audit proc cmdline value

2014-01-14 Thread Richard Guy Briggs
On 14/01/14, William Roberts wrote: > The race was non existent. I had the VMA locked. I switched to this to keep > the code that gets the cmdline value almost unchanged to try and reduce > bugs. I can still author a patch on top of this later to optimize. However > the buffer is smaller. Before it

Re: [RFC][PATCH 3/3] audit: Audit proc cmdline value

2014-01-14 Thread William Roberts
This bounced LKML, re-sending. My phone sent it as HTML On Tue, Jan 14, 2014 at 7:50 PM, William Roberts wrote: > The race was non existent. I had the VMA locked. I switched to this to keep > the code that gets the cmdline value almost unchanged to try and reduce > bugs. I can still author a patc

Re: [RFC][PATCH 3/3] audit: Audit proc cmdline value

2014-01-14 Thread Richard Guy Briggs
On 14/01/06, William Roberts wrote: > During an audit event, cache and print the value of the process's > cmdline value (proc//cmdline). This is useful in situations > where processes are started via fork'd virtual machines where the > comm field is incorrect. Often times, setting the comm field st

Re: [RFC][PATCH 3/3] audit: Audit proc cmdline value

2014-01-06 Thread William Roberts
On Mon, Jan 6, 2014 at 9:08 AM, Mateusz Guzik wrote: > I can't comment on the concept, but have one nit. FYI: The concept is something that has been in the works and at least ackd on by the current maintainer of audit: http://marc.info/?l=linux-kernel&m=138660320704580&w=2 > > On Mon, Jan 06, 20

RE: [RFC][PATCH 3/3] audit: Audit proc cmdline value

2014-01-06 Thread William Roberts
...@tycho.nsa.gov; William Roberts Subject: Re: [RFC][PATCH 3/3] audit: Audit proc cmdline value I can't comment on the concept, but have one nit. On Mon, Jan 06, 2014 at 07:30:30AM -0800, William Roberts wrote: > +static void audit_log_cmdline(struct audit_buffer *ab, struct task_struct

Re: [RFC][PATCH 3/3] audit: Audit proc cmdline value

2014-01-06 Thread Mateusz Guzik
I can't comment on the concept, but have one nit. On Mon, Jan 06, 2014 at 07:30:30AM -0800, William Roberts wrote: > +static void audit_log_cmdline(struct audit_buffer *ab, struct task_struct > *tsk, > + struct audit_context *context) > +{ > + int res; > + char *buf;

[RFC][PATCH 3/3] audit: Audit proc cmdline value

2014-01-06 Thread William Roberts
During an audit event, cache and print the value of the process's cmdline value (proc//cmdline). This is useful in situations where processes are started via fork'd virtual machines where the comm field is incorrect. Often times, setting the comm field still is insufficient as the comm width is not

[RFC][PATCH 3/3] audit: Audit proc cmdline value

2013-12-23 Thread William Roberts
During an audit event, cache and print the value of the process's cmdline value (proc//cmdline). This is useful in situations where processes are started via fork'd virtual machines where the comm field is incorrect. Often times, setting the comm field still is insufficient as the comm width is not