Paul Moore <[email protected]> writes:

> On Tue, May 3, 2022 at 5:02 AM Sven Schnelle <[email protected]> wrote:
>>
>> For automated filtering/testing it is useful to have the
>> filter key logged in the message.
>>
>> Signed-off-by: Sven Schnelle <[email protected]>
>> ---
>>  kernel/auditsc.c | 1 +
>>  1 file changed, 1 insertion(+)
>
> The SOCKETCALL record, along with all of the others generated inside
> show_special(), are associated with a SYSCALL record which carries the
> "key=" field.  As a general rule we try very hard not to duplicate
> fields across records in a single audit event.

Ok, thanks. Guess you can ignore both patches then.

Thanks!

--
Linux-audit mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/linux-audit
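
The reply above notes that the SOCKETCALL record belongs to the same audit event as a SYSCALL record carrying "key=". For the automated filtering use case, one way to pick SOCKETCALL records by key is to join records on the shared msg=audit(timestamp:serial) event id. This is an added example, not code from the thread or from the audit project; the log lines and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records (not from the thread). Records that belong to
# one audit event share the same msg=audit(<timestamp>:<serial>) identifier.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1651568520.101:812): arch=80000016 syscall=102 success=yes exit=3 a0=1 pid=4211 comm="nc" key="net-test"
type=SOCKETCALL msg=audit(1651568520.101:812): nargs=3 a0=2 a1=1 a2=0
type=PROCTITLE msg=audit(1651568520.101:812): proctitle="nc"
type=SYSCALL msg=audit(1651568520.377:813): arch=80000016 syscall=102 success=yes exit=0 a0=3 pid=4211 comm="nc" key=(null)
type=SOCKETCALL msg=audit(1651568520.377:813): nargs=3 a0=3 a1=3ffd0c7e2a8 a2=10
"""

RECORD_RE = re.compile(r'^type=(?P<type>\S+) msg=audit\((?P<id>[\d.]+:\d+)\): ?(?P<body>.*)$')
# Anchor on whitespace so a field merely ending in "key=" is not matched.
KEY_RE = re.compile(r'(?:^|\s)key=(?:"(?P<quoted>[^"]*)"|(?P<bare>\S+))')

def group_events(log_text):
    """Map event id -> list of (record type, record body) in log order."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            events[m.group("id")].append((m.group("type"), m.group("body")))
    return events

def event_key(records):
    """Return the key from the event's SYSCALL record, or None if unset."""
    for rtype, body in records:
        if rtype == "SYSCALL":
            m = KEY_RE.search(body)
            # key=(null) is unquoted and means no filter key was attached.
            if m and m.group("quoted") is not None:
                return m.group("quoted")
    return None

def records_with_key(log_text, record_type, key):
    """Return (event id, body) for records of record_type in events tagged key."""
    out = []
    for event_id, records in group_events(log_text).items():
        if event_key(records) == key:
            out += [(event_id, body) for rtype, body in records if rtype == record_type]
    return out

if __name__ == "__main__":
    for event_id, body in records_with_key(SAMPLE_LOG, "SOCKETCALL", "net-test"):
        print(event_id, body)
```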
