What | Removed | Added |
---|---|---|
Status | NEW | RESOLVED |
CC | meissner@suse.com, tonyj@suse.com | |
Resolution | --- | INVALID |
I do not think you can not filter on strings with the audit framework. man auditctl -F does not list exe or comm as valid fields. The comment for a0 has: Note that string arguments are not supported. This is because the kernel is passed a pointer to the string. Triggering on a pointer address value is not likely to work.