From mboxrd@z Thu Jan  1 00:00:00 1970
From: Matthew Booth <mbooth@redhat.com>
Subject: Relation of syscall names to System.map
Date: Tue, 10 Apr 2007 11:01:19 +0100
Message-ID: <1176199279.3978.19.camel@localhost.localdomain>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1389436633=="
Return-path: <linux-audit-bounces@redhat.com>
Received: from [192.168.1.8] (sebastian-int.corp.redhat.com [172.16.52.221])
	by pobox.surrey.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id
	l3AHYdwG009397
	for <linux-audit@redhat.com>; Tue, 10 Apr 2007 18:34:40 +0100
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit <linux-audit@redhat.com>
List-Id: linux-audit@redhat.com


--===============1389436633==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="=-m5yND3ki8ZtlmdcV/GMA"


--=-m5yND3ki8ZtlmdcV/GMA
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

I was recently going through syscalls I'm auditing and matching them up
to symbols in System.map starting with 'sys_'. I noted that the two
don't appear to be completely related. The system in question is RHEL 4
x86_64. Specifically I noted:

* sys_stime is in System.map, but 'stime' is not recognised by auditctl
* sys_umount2 is not in System.map, but is recognised by auditctl

Am I looking for a relationship which doesn't exist? Is there a better
way to get a definitive, locally generated list of all auditable
syscalls on a particular machine?

Thanks,

Matt
--=20
Matthew Booth, RHCA, RHCSS
Red Hat, Global Professional Services

M:       +44 (0)7977 267231
GPG ID:  D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490

--=-m5yND3ki8ZtlmdcV/GMA
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQBGG2BvNEHqGdM8NJARAoNDAJ9VuNg2uD+qdsvUE5lTOOb48MwN4ACbB1N7
TBCM6INU4onFxPoHMOC2XYM=
=gAOV
-----END PGP SIGNATURE-----

--=-m5yND3ki8ZtlmdcV/GMA--


--===============1389436633==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============1389436633==--