Paul Moore
@vikman90 the differences across distros are likely the result of different kernels, not the audit daemon. What kernel versions are you running on each system? I'm guessing that you are...
It's always hard to know exactly what is in a distro kernel, but the CentOS 7.x kernels are very old and there are likely a number of patches/fixes that are...
I don't like the process of adding aux records in the case where we aren't recording enough of the syscall arguments. I was always afraid that not recording all of...
For reference: http://man7.org/linux/man-pages/man2/setxattr.2.html
> The problem is we are not hooked in to the linux community where they run an ABI past the audit team to see if it meets our requirements. This...
NOTE: I edited the original posting to make the directory structure example a fixed-width font code block for readability; the contents were not changed in any way.
> Greetings! @pcmoore, what do you mean by saying "it is because the full path is not available"?

I did not say that, the original poster did in their...
It is important to keep in mind that the backlog setting doesn't *reserve* any memory, it simply allows the backlog to grow up to a specified limit. If the backlog...
Okay, queue stats are something else entirely, and I fear that a single maximum backlog depth value by itself isn't going to be terribly interesting. I'm going to adjust this...
Related list discussion from spring/summer 2020:
* https://lore.kernel.org/linux-audit/20200616045855.GA1699@linux-kernel-dev