Mailinglist Archive: opensuse-bugs (4510 mails)

[Bug 965861] Auditd reports unknown field for comm and exe when used on rules
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Wed, 10 Feb 2016 07:09:28 +0000
  • Message-id: <bug-965861-21960-zdkxntYr6n@http.bugzilla.suse.com/>
http://bugzilla.suse.com/show_bug.cgi?id=965861
http://bugzilla.suse.com/show_bug.cgi?id=965861#c1

Marcus Meissner <meissner@xxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |meissner@xxxxxxxx,
                   |                            |tonyj@xxxxxxxx
         Resolution|---                         |INVALID

--- Comment #1 from Marcus Meissner <meissner@xxxxxxxx> ---
I do not think you can not filter on strings with the audit framework.

man auditctl
-F does not list exe or comm as valid fields.

The comment for a0 has:
Note that string arguments are not supported. This is because the kernel is
passed a pointer to the string. Triggering on a pointer address value is not
likely to work.

--
You are receiving this mail because:
You are on the CC list for the bug.