Re: [RFC][PATCH 0/3] Introduce audit_syscall LSM hook

From: Chris Wright (chrisw@private)
Date: Mon Dec 06 2004 - 20:16:16 PST


* Adrian Drzewiecki (z@private) wrote:
> Goal: let LSMs define custom syscall auditing.
> 
> The patch below introduces a new LSM hook security_audit_syscall.
> It is meant to be called from ptrace.c:do_syscall_trace(). Architectures
> which choose to use this hook should move the syscall audit code
> out of do_syscall_trace() into audit_syscall() and
> define ARCH_HAVE_AUDIT_SYSCALL. See i386 and UM arch patches for details.

Adrian, I don't quite understand the need for this patch.  Could you
supply some more details?

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net



This archive was generated by hypermail 2.1.3 : Mon Dec 06 2004 - 20:16:44 PST