PERFORCE change 91394 for review

Wayne Salamon wsalamon at
Wed Feb 8 13:11:37 GMT 2006

Change 91394 by wsalamon at gretsch on 2006/02/08 13:11:28

	Add items about clarifiying the interaction of naflags,
	current audit state, and what userspace might need to
	do. Also add item about kernel's audit state indicators.

Affected files ...

.. //depot/projects/trustedbsd/audit3/notes/TODO_audit.txt#5 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/notes/TODO_audit.txt#5 (text+ko) ====

@@ -75,3 +75,18 @@
 kernel event mapping.  Make the synchronization code a library function in
 OpenBSM so that the same code can be used in both auditd and the audit
 test suite.
+- Determine what the correct behavior should be for processes that
+are started before audit is enabled: Should they be audited based
+on naflags AFTER audit is enabled, or do they not get audited.
+- For programs that set the audit masks for authenticated users
+(login, sshd, etc.) need to consider the audit off vs. audit
+disabled (a temporary condition) state. Should the flags for
+the process be set in the disabled state but not the off state?
+- Review the kernel audit_enabled and audit_suspended flags, making
+sure they are used consistently, and they map to the exposed state
+- Clearly document whatever is decided for the three items above.
To Unsubscribe: send mail to majordomo at
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list