From mboxrd@z Thu Jan  1 00:00:00 1970
From: Matthew Booth <mbooth@redhat.com>
Subject: Not auditing dispatchers
Date: Fri, 06 Jun 2008 13:21:16 +0100
Message-ID: <48492BBC.40400@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from pobox.fab.redhat.com (pobox.fab.redhat.com [10.33.63.12])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id m56JbQpX027373
	for <linux-audit@redhat.com>; Fri, 6 Jun 2008 15:37:26 -0400
Received: from mbooth.laptop (vpn-6-7.fab.redhat.com [10.33.6.7])
	by pobox.fab.redhat.com (8.13.1/8.13.1) with ESMTP id m56JbPL1002259
	for <linux-audit@redhat.com>; Fri, 6 Jun 2008 15:37:25 -0400
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

The kernel ignores auditable events from the audit daemon, but is there 
an 'approved' way to achieve the same for dispatchers? The problem is 
the same, in that you get an infinite loop if the dispatcher itself 
performs any action which generates an audit record.

Thanks,

Matt
-- 
Matthew Booth, RHCA, RHCSS
Red Hat, Global Professional Services

M:       +44 (0)7977 267231
GPG ID:  D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490