From: Steve Grubb <sgrubb@redhat.com>
To: linux-audit@redhat.com
Subject: Kernel patches needed
Date: Thu, 09 May 2013 09:26:58 -0400 [thread overview]
Message-ID: <6029710.WhGyKOtD7f@x2> (raw)
Hi,
I was just doing some validation work to make sure the newly converted
ausearch is producing the exact same output as it used to...and found a couple
items that needs patching.
1) AUDIT_TTY events are not recording a subject field.
2) AVC records can sometimes have dev="md1". The dev field is documented as
being the numeric device number. Cases like this should be changed to
"devname" which can be encoded.
3) We might need a supplemental record for *setxattr. The flags field is the
fifth argument and not recorded anywhere.
Thanks,
-Steve
next reply other threads:[~2013-05-09 13:27 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-09 13:26 Steve Grubb [this message]
2013-05-13 1:18 ` Kernel patches needed Eric Paris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6029710.WhGyKOtD7f@x2 \
--to=sgrubb@redhat.com \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.