Sucess or failure?
Giang Nguyen
cauthu at gmail.com
Sun Jul 22 03:44:33 UTC 2012
On Sat, Jul 21, 2012 at 9:48 PM, Michael Mather
<michael.mather at teksavvy.com> wrote:
> Hi,
>
> I enter the command "sudo cp qwerty /etc/xxx"
> and get the reply: "cp: cannot stat `qwerty': No such file or directory."
>
> A number of log entries are written. The last two are, in part:
>
> type=SYSCALL success=yes
> type=EXECVE argc=3 a0="cp" a1="qwerty" a2="/etc/xxx"
>
> My problem is with "success=yes".
>
> What is happening?
Assuming the syscall is execve, then it succeeds because your shell
successfully execve() to run cp.
Then cp the program fails.
More information about the Linux-audit
mailing list