Problems with -F exit!=-2 on x86_64
Steve Grubb
sgrubb at redhat.com
Mon Feb 19 22:06:37 UTC 2007
On Monday 19 February 2007 16:46, Matthew Booth wrote:
> I tried the following on both i386 and x86_64:
>
> auditctl -a exit,always -S open -F exit!=-2
>
> This works exactly as expected on i386, but not on x86_64. The effect on
> x86_64 is as if no filtering had been applied. However the following,
> for eg, works fine:
Its a kernel bug. bz 196233 Its scheduled to be in RHEL4U5.
-Steve
More information about the Linux-audit
mailing list