From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Eric Howard" <pt3vjld02@sneakemail.com>
Subject: Not trapping 'symlink' system call
Date: 6 Jun 2007 18:40:04 -0000
Message-ID: <4968-50499@sneakemail.com>
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx2.redhat.com (mx2.redhat.com [10.255.15.25])
	by int-mx2.corp.redhat.com (8.13.1/8.13.1) with ESMTP id l56Iehp5029158
	for <linux-audit@redhat.com>; Wed, 6 Jun 2007 14:40:44 -0400
Received: from monkey.sneakemail.com (sneakemail.com [38.113.6.61])
	by mx2.redhat.com (8.13.1/8.13.1) with SMTP id l56IeAx8014057
	for <linux-audit@redhat.com>; Wed, 6 Jun 2007 14:40:10 -0400
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

I have been tasked to generate test cases to validate the proper execution of particular syscall audit flags.  In most cases I have succeeded in triggering audit log entries.  However, I have been unable to trigger audit entries for the 'symlink call'  My test cases are generated by a shell script that execute commands to trigger the relevant calls.  In my test case I created a hard-link and a soft-link using /bin/ln.  Running strace indicated that the syscall was definitely made but  'ausearch -sc symlink' shows nothing.  I am using audit-1.0.15-3.EL4.  Any insight into this problem would be appreciated.

Sincerely,

Eric Howard





--------------------------------------
Protect yourself from spam, 
use http://sneakemail.com