cgzones closed 8 months ago
To my knowledge, these functions are only used by auditctl. Since the kernel only knows numbers, we convert names/groups in the rules to numbers. I'm wondering if I should mark a bunch of these functions deprecated and then pull them into a private library some time in the future?
There seem to be several third-party users of audit_rule_fieldpair_data(3):
Thanks for the info. I never would have guessed. :-) I'll review this more tomorrow.
OK, looks good to me. Thanks!
Use getpwuid_r(3) and getgrnam_r(3) instead of their non-thread-safe versions to protect against concurrent usage, not necessarily within libaudit.
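The name-to-number conversion discussed in this thread, done with a reentrant lookup, as an added example that is not libaudit code or part of the pull request. It uses getpwnam_r(3); `resolve_uid` and its return convention are hypothetical, and the same buffer-growing pattern applies to getgrnam_r(3).

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 0 and *uid set on success, 1 if the name is
 * unknown, -1 if the lookup itself failed (errno set). */
int resolve_uid(const char *name, uid_t *uid)
{
    struct passwd pw, *res = NULL;
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);  /* a hint only, may be -1 */
    size_t len = hint > 0 ? (size_t)hint : 1024;
    char *buf = NULL;
    int rc;

    for (;;) {
        char *tmp = realloc(buf, len);
        if (tmp == NULL) {
            rc = ENOMEM;
            break;
        }
        buf = tmp;
        /* The entry's strings are written into buf, owned by this call,
         * not into static storage shared with other threads. */
        rc = getpwnam_r(name, &pw, buf, len, &res);
        if (rc != ERANGE || len >= ((size_t)1 << 20))
            break;              /* done, or entry implausibly large */
        len *= 2;               /* ERANGE: buffer too small, retry */
    }
    if (rc == 0 && res != NULL)
        *uid = pw.pw_uid;       /* copy out before releasing buf */
    free(buf);
    if (rc != 0) {
        errno = rc;             /* the _r calls return the error code */
        return -1;
    }
    return res != NULL ? 0 : 1; /* rc == 0 with NULL result: no such user */
}

int main(void)
{
    uid_t uid;
    int rc = resolve_uid("root", &uid);
    printf("rc=%d uid=%ld\n", rc, rc == 0 ? (long)uid : -1L);
    return 0;
}
```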