On Thu, Aug 24, 2023 at 9:47 AM Tetsuo Handa <penguin-ker...@i-love.sakura.ne.jp> wrote:
> On 2023/08/24 22:39, Tetsuo Handa wrote:
> >>> (1) Catch _all_ process creations (both via fork()/clone() system calls and
> >>>     kthread_create() from the kernel), and duplicate the history upon process
> >>>     creation.
> >>
> >> Create an audit filter rule to record the syscalls you are interested
> >> in logging.
> >
> > I can't interpret what you are talking about. Please show me using command line.
>
> I'm not interested in logging the syscalls just for maintaining process history
> information.

That's unfortunate because I'm not interested in merging your patch when we already have an audit log which can be used to trace process history information.

--
paul-moore.com

--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
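
The audit-log approach referred to in the reply above, as an added example that is not code from the thread or from either participant: a Python script that rebuilds a per-process exec history from execve SYSCALL records. The rule key `proc_history`, the function names and the sample records are assumptions constructed for this example.

```python
import re

# Constructed, trimmed SYSCALL records (real ones carry more fields). They assume
# a rule such as: auditctl -a always,exit -F arch=b64 -S execve -k proc_history
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1692884801.100:201): arch=c000003e syscall=59 success=yes exit=0 ppid=1 pid=900 comm="sshd" exe="/usr/sbin/sshd" key="proc_history"
type=SYSCALL msg=audit(1692884802.200:202): arch=c000003e syscall=59 success=yes exit=0 ppid=900 pid=950 comm="bash" exe="/usr/bin/bash" key="proc_history"
type=SYSCALL msg=audit(1692884803.300:203): arch=c000003e syscall=59 success=no exit=-2 ppid=950 pid=960 comm="bash" exe="/usr/bin/bash" key="proc_history"
type=SYSCALL msg=audit(1692884803.400:204): arch=c000003e syscall=59 success=yes exit=0 ppid=950 pid=960 comm="env" exe="/usr/bin/env" key="proc_history"
type=SYSCALL msg=audit(1692884803.500:205): arch=c000003e syscall=59 success=yes exit=0 ppid=950 pid=960 comm="python3" exe="/usr/bin/python3" key="proc_history"
type=SYSCALL msg=audit(1692884804.600:206): arch=c000003e syscall=257 success=yes exit=3 ppid=960 pid=970 comm="cat" exe="/usr/bin/cat" key="other"
type=SYSCALL msg=audit(1692884805.700:207): arch=c000003e syscall=59 success=yes exit=0 ppid=960 pid=971 comm="id" exe="/usr/bin/id" key="proc_history"
type=SYSCALL msg=audit(1692884999.800:208): arch=c000003e syscall=59 success=yes exit=0 ppid=1 pid=950 comm="cron" exe="/usr/sbin/cron" key="proc_history"
"""

# key=value pairs; values are either double-quoted or a run of non-space characters.
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def build_histories(log, key="proc_history"):
    """Return {pid: {"ppid": int, "chain": [exe, ...]}} from records in log order."""
    procs = {}
    for line in log.splitlines():
        f = {k: v.strip('"') for k, v in FIELD.findall(line)}
        # Only successful syscalls matched by our rule change what a process runs.
        if f.get("type") != "SYSCALL" or f.get("key") != key or f.get("success") != "yes":
            continue
        pid, ppid = int(f["pid"]), int(f["ppid"])
        entry = procs.get(pid)
        # First sighting, or a different parent for a known pid (treated as PID
        # reuse, a heuristic): start a new history copied from the parent. The copy
        # happens at the child's first execve because only execve is audited here.
        if entry is None or entry["ppid"] != ppid:
            inherited = procs[ppid]["chain"] if ppid in procs else []
            entry = procs[pid] = {"ppid": ppid, "chain": list(inherited)}
        entry["chain"].append(f["exe"])
    return procs

def history(procs, pid):
    """Render one process's exec history as 'a => b => c'."""
    return " => ".join(procs[pid]["chain"])

if __name__ == "__main__":
    table = build_histories(SAMPLE_LOG)
    for pid in sorted(table):
        print(pid, history(table, pid))
```

Because only syscalls are audited in this example, threads created inside the kernel with kthread_create() never appear in the reconstructed history.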