From mboxrd@z Thu Jan 1 00:00:00 1970 From: Steve Grubb Subject: Re: audit_ftype_to_name? Date: Tue, 22 Oct 2013 13:59:32 -0400 Message-ID: <22306526.QMWnzUdp8j@x2> References: <20131018114722.GA14660@columba.inf.ed.ac.uk> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20131018114722.GA14660@columba.inf.ed.ac.uk> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: linux-audit@redhat.com List-Id: linux-audit@redhat.com On Friday, October 18, 2013 12:47:23 PM Stephen Quinney wrote: > I am wanting to use the audit_ftype_to_name function which is provided > in the audit python module. It seems that this always returns None > which is not particularly useful. It shouldn't return that except when there is no match. > I can see that the function is implemented in lib/lookup_table.c and it only > does something when the NO_TABLES cpp macro is not defined. Correct. >In src/mt/Makefile.am that is defined (with -DNO_TABLES in AM_CFLAGS), I assume > that is deliberate? Yes. That location is a private copy recompiled for pthreads use and linked only to auditd. Auditd has no use for those tables so they are thrown away. > I can't see any definition of the ftype_i2s function which is called > by audit_ftype_to_name so maybe this hasn't been implemented yet? Yes, it has been. However, its over in lib/libaudit. It seems to work fin on my system: #!/usr/bin/env python import sys import audit name = audit.audit_ftype_to_name(0140000) print '%s\n' % (name,), sys.exit(0) $ ./test.py socket