Mailinglist Archive: opensuse-bugs (4510 mails)

[Bug 965861] Auditd reports unknown field for comm and exe when used on rules
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Wed, 10 Feb 2016 07:09:28 +0000
  • Message-id: <>

Marcus Meissner <meissner@xxxxxxxx> changed:

What       | Removed | Added
-----------+---------+-------------------
CC         |         | meissner@xxxxxxxx,
           |         | tonyj@xxxxxxxx
Resolution | ---     | INVALID
--- Comment #1 from Marcus Meissner <meissner@xxxxxxxx> ---
I do not think you can filter on strings with the audit framework.

man auditctl
-F does not list exe or comm as valid fields.

The comment for a0 has:
Note that string arguments are not supported. This is because the kernel is
passed a pointer to the string. Triggering on a pointer address value is not
likely to work.
