site_archiver@lists.apple.com Delivered-To: Darwin-kernel@lists.apple.com /private has always existed on Mac OS X, and is a vestige of network rooting support from NeXTSTEP. The paths logged by the auditing subsystem (should have) always been after pathname translation, and be the equivalent of a realpath(3)-ed path on the input paths. Are you saying this is a regression from Leopard or a previous release? Shantonu Sen ssen@apple.com On Mar 14, 2011, at 9:51 AM, Todd Heberlein wrote:

In Snow Leopard's audit trails I see a lot of accesses to paths that begin with "private", like "/private/etc/security" instead of just "/etc/security". I see that "/etc", "/tmp", and "/var" are all symbolic links to their equivalents inside "/private".

Is there some new behavior to the system because of the use of the "/private" directory?

Todd

_______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/ssen%40apple.com

This email sent to ssen@apple.com

_______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... This email sent to site_archiver@lists.apple.com