On Wed, 7 Nov 2007 10:15:33 -0500 Steve Grubb wrote: > On Wednesday 07 November 2007 12:04:46 am Yuichi Nakamura wrote: > > I found syscall audit does not work on SH(SuperH). > > I made patch to support syscall audit for SH. > > I think this is close, but it looks like you missed the syscall > classification > piece. You can find an example here: > > arch/x86_64/kernel/audit.c > > Its used for determining which syscalls we are interested in for watches. Thanks, I did not know that. arch/sh is 32 bit only, so I think lib/audit.c is enough for sh.
> Also, IBM and HP both have released audit test suites. You should run the > CAPP > tests at a minimum to see if you have hooked everything that is expected. If > you have SE Linux enabled for that platform, you may want to try the LSPP > tests but you would need have the MLS policy installed. > > IBM's announcement is here: > > https://www.redhat.com/archives/redhat-lspp/2007-August/msg00002.html > > and HP's here: > > https://www.redhat.com/archives/linux-audit/2007-August/msg00030.html > > And...user space would need an update for the syscall table and arches so > that > you can run the tests. Please send that patch to linux-audit mail list. > > Thanks, > -Steve -- Yuichi Nakamura Hitachi Software Engineering Co., Ltd. Japan SELinux Users Group(JSELUG): http://www.selinux.gr.jp/ SELinux Policy Editor: http://seedit.sourceforge.net/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
