http://bugzilla.suse.com/show_bug.cgi?id=965861 http://bugzilla.suse.com/show_bug.cgi?id=965861#c1 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |meissner@suse.com, | |tonyj@suse.com Resolution|--- |INVALID --- Comment #1 from Marcus Meissner <meissner@suse.com> --- I do not think you can not filter on strings with the audit framework. man auditctl -F does not list exe or comm as valid fields. The comment for a0 has: Note that string arguments are not supported. This is because the kernel is passed a pointer to the string. Triggering on a pointer address value is not likely to work. -- You are receiving this mail because: You are on the CC list for the bug.