Records that are triggered by an AUDIT_SIGNAL_INFO message including
AUDIT_DAEMON_CONFIG (HUP), AUDIT_DAEMON_ROTATE (USR1),
AUDIT_DAEMON_RESUME (USR2) and AUDIT_DAEMON_END (TERM) have inconsistent
reporting of signal info and swinging field "state".
They also assume that an empty security context

When a process signals the audit daemon (shutdown, rotate, resume,
reconfig) but syscall auditing is not enabled, we still want to know the
identity of the process sending the signal to the audit daemon.
Move audit_signal_info() out of syscall auditing to general auditing but
create a new function

On Fri, May 10, 2019 at 12:16 PM Richard Guy Briggs wrote:
> On 2019-05-10 11:28, Paul Moore wrote:
> > On Thu, May 9, 2019 at 8:02 PM Richard Guy Briggs wrote:
> > >
> > > Provide a method to filter out sockaddr and bind calls by network
> > > address family.
> > >
> > > Existing SOCKADDR record

On 2019-05-10 11:28, Paul Moore wrote:
> On Thu, May 9, 2019 at 8:02 PM Richard Guy Briggs wrote:
> >
> > Provide a method to filter out sockaddr and bind calls by network
> > address family.
> >
> > Existing SOCKADDR records are listed for any network activity.
> > Implement the AUDIT_SADDR_FAM f

On Thu, May 9, 2019 at 8:02 PM Richard Guy Briggs wrote:
>
> Provide a method to filter out sockaddr and bind calls by network
> address family.
>
> Existing SOCKADDR records are listed for any network activity.
> Implement the AUDIT_SADDR_FAM field selector to be able to classify or
> limit recor