Re: [RFC][PATCH 0/3] Introduce audit_syscall LSM hook

From: Chris Wright (chrisw@private)
Date: Mon Dec 06 2004 - 20:16:16 PST

Previous message: Adrian Drzewiecki: "[RFC][PATCH 1/3] Introduce audit_syscall LSM hook"
In reply to: Adrian Drzewiecki: "[RFC][PATCH 0/3] Introduce audit_syscall LSM hook"
Next in thread: Adrian Drzewiecki: "Re: [RFC][PATCH 0/3] Introduce audit_syscall LSM hook"
Reply: Adrian Drzewiecki: "Re: [RFC][PATCH 0/3] Introduce audit_syscall LSM hook"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

* Adrian Drzewiecki (z@private) wrote:
> Goal: let LSMs define custom syscall auditing.
> 
> The patch below introduces a new LSM hook security_audit_syscall.
> It is meant to be called from ptrace.c:do_syscall_trace(). Architectures
> which choose to use this hook should move the syscall audit code
> out of do_syscall_trace() into audit_syscall() and
> define ARCH_HAVE_AUDIT_SYSCALL. See i386 and UM arch patches for details.

Adrian, I don't quite understand the need for this patch.  Could you
supply some more details?

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net

Previous message: Adrian Drzewiecki: "[RFC][PATCH 1/3] Introduce audit_syscall LSM hook"
In reply to: Adrian Drzewiecki: "[RFC][PATCH 0/3] Introduce audit_syscall LSM hook"
Next in thread: Adrian Drzewiecki: "Re: [RFC][PATCH 0/3] Introduce audit_syscall LSM hook"
Reply: Adrian Drzewiecki: "Re: [RFC][PATCH 0/3] Introduce audit_syscall LSM hook"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Dec 06 2004 - 20:16:44 PST