Date: Fri, 15 Aug 2008 23:09:39 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: Uladzislau Rezki <v.rezkii@sam-solutions.net> Cc: freebsd-hackers@freebsd.org, Roman Divacky <rdivacky@freebsd.org> Subject: Re: textvp_fullpath Message-ID: <alpine.BSF.1.10.0808152308120.28676@fledge.watson.org> In-Reply-To: <200808151217.04626.v.rezkii@sam-solutions.net> References: <200808142120.13609.v.rezkii@sam-solutions.net> <20080814184329.GA60497@freebsd.org> <200808151217.04626.v.rezkii@sam-solutions.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 15 Aug 2008, Uladzislau Rezki wrote: > We have to to do a few thinks: > > 1) do original "write" sys call; > 2) get full path (/etc/passwd); > 3) put all this information to user land through the character device. > > I get stuck in point 2. I need to get full path, but how ... In FreeBSD 6.2 and higher, the kernel event auditing facility provides exactly this service already. Take a look at the auditpipe(4) facility for details of the run-time monitoring aspect of that. Robert N M Watson Computer Laboratory University of Cambridge
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.1.10.0808152308120.28676>