Paul Moore
Paul Moore
Great, let us know what you find out ... and please don't limit yourself to just my suggestions above :)
> I have a simple audit-testsuite test for this in my fork https://github.com/The-Mule/audit-testsuite/tree/filter-exit (it only checks exit filter for open* syscalls). Is it something we want to have in audit-testsuite?...
Great, thank you!
With the kernel fix upstream I think we can close out this issue, if anyone disagrees feel free to leave a comment in the issue and we can reopen it.
We would need to verify this, but I believe the issue might be due to the nature of the syscall, for example, the exit_group(2) syscall never returns. Do you have...
@stevegrubb (see comment above) I know you've been working on this a lot recently, do you have a list of syscalls where you are seeing missing success/exit values?
I looked at the code and there seems to be a conditional. I'm sorry, I need some context here; which code are you referring to with "the code"? Kernel? Userspace?...
@stevegrubb added the comment below to a duplicate issue (#71): >The seccomp trap event is probably not suitable to log by default. I think people are writing some supervisor process...
"Please don't do this."
Let me add to this, I think it is a *good* thing to have people look at the test source when the test fails; I actually would encourage that in...