BPF audit logs

Paul Moore paul at paul-moore.com
Wed Dec 21 23:40:05 UTC 2022


On Wed, Dec 21, 2022 at 4:03 PM Burn Alting <burn at swtf.dyndns.org> wrote:
> As Steve suggests, it would have value to provide more information (name, tag, uid) and I don't know if it's possible
> but relate it to the bpf syscall's file descriptor for the map created or program loaded (the exit value).

I'm primarily focused on the bogus ID during load, as that is an
obvious regression that needs to be addressed as soon as possible.
For various backport/support reasons, I don't want to combine the bug
fix with the feature enhancement of adding new fields.

-- 
paul-moore.com


