Missing "nametype" field in audit PATH records
Steve Grubb
sgrubb at redhat.com
Wed Jun 6 18:26:01 UTC 2018
On Tuesday, May 29, 2018 10:42:11 AM EDT Nimrod Ostrovsky wrote:
> Hello,
>
> I use the latest audit-userspace version on kernel 3.0.21, and Im trying
> to compile a dispatcher app for audispd.
> The problem is that PATH records does not have the "nametype" field in in
> this kernel version, and I want to be able to distinct between "parent"
> PATH records and any other types.
>
> Any ideas how to solve this issue?
> (Without having to upgrade the kernel)
Looks like that landed in the 3.10 kernel. Short of backporting nametype
support to your kernel, there is nothing else that you can do.
-Steve
More information about the Linux-audit
mailing list