MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <16453.49072.809252.290117@neuro.alephnull.com>
Date: Wed, 3 Mar 2004 06:21:20 -0500
From: Rik Faith <faith@redhat.com>
To: Muli Ben-Yehuda <mulix@mulix.org>
Cc: Christoph Hellwig <hch@infradead.org>, okir@suse.de,
       linux-kernel@vger.kernel.org
Subject: Re: [PATCH][RFC] Light-weight Auditing Framework
In-Reply-To: [Muli Ben-Yehuda <mulix@mulix.org>] Wed  3 Mar 2004 10:55:01 +0200
References: <16451.25789.72815.763592@neuro.alephnull.com>
	<20040301194501.A9080@infradead.org>
	<16451.40189.997259.379123@neuro.alephnull.com>
	<20040303085501.GC31052@mulix.org>
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1151
Lines: 21

On Wed  3 Mar 2004 10:55:01 +0200, Muli Ben-Yehuda <mulix@mulix.org> wrote:
> I'd like to second the sentiment - for syscalltrack, we would love to
> have a framework that can be used for debugging system call events. 

I should clarify to avoid any confusion.  The audit framework I am
proposing does _not_ allow for generic hooking of system calls.

However, the ability to audit the call is generic in the sense that
another part of the kernel can request that an audit record be generated
for the current in-progress system call (or filtering can be used to
request that audit records be generated).  Although this should be
sufficient for SELinux and other security infrastructures, as well as
many non-security uses, it would only support a subset of what
syscalltrack can do currently (i.e., audit can provide information about
the syscall, but can't be used to change the behavior of the syscall).

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/