On Thu, Feb 15, 2018 at 9:59 PM, Richard Guy Briggs wrote:
> On 2018-02-15 18:34, Paul Moore wrote:
>> On Wed, Feb 14, 2018 at 11:18 AM, Richard Guy Briggs wrote:
>> > Audit link denied events for symlinks were missing the parent PATH
>> > record. Add it. Since the full pathname may not be avai
On Fri, Feb 16, 2018 at 3:23 AM, Richard Guy Briggs wrote:
> On 2018-02-15 17:15, Paul Moore wrote:
>> On Mon, Feb 12, 2018 at 12:02 AM, Richard Guy Briggs wrote:
>> > More than one filesystem was causing hundreds to thousands of null PATH
>> > records to be associated with the *init_module SYSCA
In the process of trying to track down a potential bug altering the
registered arch for a syscall rule, I propose this simplification of
struct audit_krule that removes an unnecessary member.
The arch_f pointer was added to the struct audit_krule in commit:
e54dc2431d740a79a6bd013babade99d71b1714f
On 2018-02-15 15:42, Paul Moore wrote:
> On Mon, Feb 12, 2018 at 7:29 AM, Richard Guy Briggs wrote:
> > The arch_f pointer was added to the struct audit_krule in commit:
> > e54dc2431d740a79a6bd013babade99d71b1714f ("audit signal recipients")
> >
> > This is only used on addition and deletion of r
On 2018-02-15 17:15, Paul Moore wrote:
> On Mon, Feb 12, 2018 at 12:02 AM, Richard Guy Briggs wrote:
> > More than one filesystem was causing hundreds to thousands of null PATH
> > records to be associated with the *init_module SYSCALL records on a few
> > modules with corresponding audit syscall
