| What | Removed | Added |
|---|---|---|
| Status | NEW | RESOLVED |
| CC | meissner@suse.com, tonyj@suse.com | |
| Resolution | --- | INVALID |
I do not think you can not filter on strings with the audit framework. man auditctl -F does not list exe or comm as valid fields. The comment for a0 has: Note that string arguments are not supported. This is because the kernel is passed a pointer to the string. Triggering on a pointer address value is not likely to work.