On 14/03/12, James Morris wrote:
> On Tue, 11 Mar 2014, Tetsuo Handa wrote:
>
> > And the same phrase goes to James Morris...
> >
> > If you are sure that it is safe to use get_task_comm() from
> > dump_common_audit_data() and you prefer locked version, please pick up below
> > patch via your git tree.
> >
> > If you are unsure or prefer lockless version, I'll make a lockless version
> > using do_get_task_comm() proposed in this thread.
>
> If you can't understand whether your patch is correct or not, don't ask me
> to apply it to my tree.
>
> If you're unsure, get it reviewed first.

Steve (see https://lkml.org/lkml/2014/3/11/218 ) and James,

Are the labels on data output in LSM_AUDIT_DATA_TASK even right? The general
case gives pid and comm of current. Then the LSM_AUDIT_DATA_TASK case gives
pid and comm from the task handed in in the struct common_audit_data pointer.
They are a duplicate of the general case without generating a new message. I
expect this will cause ausearch to ignore those latter two fields. Should the
latter two be renamed to something like ad_pid= and ad_comm= ?

Tetsuo, this conversation should have been on the [email protected] list the
whole time...

> - James

- RGB

--
Richard Guy Briggs <[email protected]>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545

