Why doesn't this rule block syscall records?

Steve Grubb sgrubb at redhat.com
Thu Jul 12 20:39:08 UTC 2007


On Thursday 12 July 2007 01:22:35 pm Taylor_Tad at emc.com wrote:
> I was trying out a syscall entry rule that I thought would block audit
> records from system services/daemons that haven't had their audit ID
> (auid) set yet.

Which kernel are you using? There was a signed/unsigned promotion and 
comparison bug fixed not too long ago.

-Steve
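
The class of bug named in the reply, shown as an added example that is not kernel code and not from the thread. It assumes the rule compares auid against -1 (an unset auid is (uid_t)-1, i.e. 4294967295); the function names and the 64-bit widening are hypothetical, chosen to make the promotion visible.

```c
#include <stdint.h>
#include <stdio.h>

/* An unset login uid is stored as (uid_t)-1, i.e. 4294967295. */
#define AUID_UNSET ((uint32_t)-1)

enum op { OP_EQ, OP_NE, OP_LT, OP_GT };

/* Apply one filter operator to two already-widened values. */
static int cmp(int64_t field, int64_t rule, enum op op)
{
    switch (op) {
    case OP_EQ: return field == rule;
    case OP_NE: return field != rule;
    case OP_LT: return field <  rule;
    case OP_GT: return field >  rule;
    }
    return 0;
}

/* Hypothetical buggy matcher: the field is zero-extended (4294967295)
 * while the rule value is sign-extended (-1), so they never compare equal. */
int match_mixed(uint32_t field, int32_t rule_val, enum op op)
{
    return cmp((int64_t)field, (int64_t)rule_val, op);
}

/* Hypothetical fixed matcher: the rule value is converted to the field's
 * unsigned 32-bit type first, so -1 and 4294967295 are the same value. */
int match_u32(uint32_t field, int32_t rule_val, enum op op)
{
    return cmp((int64_t)field, (int64_t)(uint32_t)rule_val, op);
}

int main(void)
{
    /* Constructed inputs: a daemon with no auid, and a login user 1000. */
    printf("auid unset, rule auid=-1 : mixed=%d u32=%d\n",
           match_mixed(AUID_UNSET, -1, OP_EQ), match_u32(AUID_UNSET, -1, OP_EQ));
    printf("auid unset, rule auid!=-1: mixed=%d u32=%d\n",
           match_mixed(AUID_UNSET, -1, OP_NE), match_u32(AUID_UNSET, -1, OP_NE));
    printf("auid 1000,  rule auid!=-1: mixed=%d u32=%d\n",
           match_mixed(1000, -1, OP_NE), match_u32(1000, -1, OP_NE));
    return 0;
}
```

With the mixed comparison, a rule meant to match "auid not set" never fires, which is the symptom described in the question.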



