From mboxrd@z Thu Jan  1 00:00:00 1970
From: Alexander Viro <aviro@redhat.com>
Subject: Re: OBJ_PID records
Date: Thu, 27 Sep 2007 23:21:57 -0400
Message-ID: <20070928032157.GI21685@devserv.devel.redhat.com>
References: <200709211506.56322.sgrubb@redhat.com>
	<1190918445.3591.29.camel@localhost.localdomain>
	<200709271449.10108.sgrubb@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path: <linux-audit-bounces@redhat.com>
Content-Disposition: inline
In-Reply-To: <200709271449.10108.sgrubb@redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Steve Grubb <sgrubb@redhat.com>
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Thu, Sep 27, 2007 at 02:49:09PM -0400, Steve Grubb wrote:
> On Thursday 27 September 2007 14:40:45 Eric Paris wrote:
> > Interestingly on this machine the opid has ALWAYS been 1956 with
> > obj=syslogd_t. ??I don't however think there is anything special about
> > syslog though as that wasn't the obj in the messages sgrubb was getting,
> > although i do wonder if it was the same opid every time.....
> 
> Seems like it. I have one example where I have 86 records in a row with the 
> same opid.
> 
> -Steve
> 
> ----
> type=OBJ_PID msg=audit(09/20/2007 15:29:16.355:12775) : opid=2287  
> obj=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 

Er... And what has pid 2287 on that box?