Audit subsystem beginnings.
Kris Kennaway
kris at FreeBSD.org
Sat May 20 07:27:12 GMT 2000
On Wed, 17 May 2000, Andrew Reiter wrote:
> -[1] We must decide what is currently considered to be audit-like in the
> current (4.0) implementation. We must decide this so that we may not have
> to always be reinventing the wheel. If we feel that something is
> audit-like, then we may be able to take this and easily rip it from the
> current code and put it into our new audit subsystem.
IMO you should take a careful look at the kqueue() framework, which
already exists for capturing kernel events and queueing them for delivery
(including delivery to userland).
Kris
----
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe at alum.mit.edu>
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list