auditd process memory leak

2021-06-28 Thread 宋建昌
My environment: CPU: Kunpeng 910 arch: aarch64 system: Kylin Linux Advanced Server release V10 (Tercel) kernel: 4.19.90-23.6.v2101.ky10.aarch64 auditd version: audit-libs-3.0-5.se.06.ky10.aarch64 audit-3.0-5.se.06.ky10.aarch64 python3-audit-3.0-5.se.06.ky10.aarch64 Auditd process uses an increasi

AUDIT_ARCH_ and __NR_syscall constants for seccomp filters

2021-06-28 Thread Thomas Weißschuh
Hi everyone, there does not seem to be a way to access the AUDIT_ARCH_ constant that matches the currently visible syscall numbers (__NR_...) from the kernel uapi headers. Background: I am writing a seccomp BPF filter using the syscall constants to get the correct syscall numbers for the target

Re: AUDIT_ARCH_ and __NR_syscall constants for seccomp filters

2021-06-28 Thread Paul Moore
On Mon, Jun 28, 2021 at 9:25 AM Thomas Weißschuh wrote: > > Hi everyone, > > there does not seem to be a way to access the AUDIT_ARCH_ constant that > matches > the currently visible syscall numbers (__NR_...) from the kernel uapi headers. Looking at Linus' current tree I see the AUDIT_ARCH_* de

Re: AUDIT_ARCH_ and __NR_syscall constants for seccomp filters

2021-06-28 Thread Thomas Weißschuh
Hi Paul, thanks for your response! On Mo, 2021-06-28T12:59-0400, Paul Moore wrote: > On Mon, Jun 28, 2021 at 9:25 AM Thomas Weißschuh wrote: > > > > Hi everyone, > > > > there does not seem to be a way to access the AUDIT_ARCH_ constant that > > matches > > the currently visible syscall numbers

Re: AUDIT_ARCH_ and __NR_syscall constants for seccomp filters

2021-06-28 Thread Paul Moore
On Mon, Jun 28, 2021 at 1:13 PM Thomas Weißschuh wrote: > > Hi Paul, > > thanks for your response! Hi :) > On Mo, 2021-06-28T12:59-0400, Paul Moore wrote: > > On Mon, Jun 28, 2021 at 9:25 AM Thomas Weißschuh > > wrote: > > > > > > Hi everyone, > > > > > > there does not seem to be a way to acc

Re: AUDIT_ARCH_ and __NR_syscall constants for seccomp filters

2021-06-28 Thread Thomas Weißschuh
Hi again! On Mo, 2021-06-28T13:34-0400, Paul Moore wrote: > On Mon, Jun 28, 2021 at 1:13 PM Thomas Weißschuh wrote: > > On Mo, 2021-06-28T12:59-0400, Paul Moore wrote: > > > On Mon, Jun 28, 2021 at 9:25 AM Thomas Weißschuh > > > wrote: > > > > > > > > Hi everyone, > > > > > > > > there does not

Re: AUDIT_ARCH_ and __NR_syscall constants for seccomp filters

2021-06-28 Thread Paul Moore
On Mon, Jun 28, 2021 at 1:58 PM Thomas Weißschuh wrote: > > Hi again! !!! :) > On Mo, 2021-06-28T13:34-0400, Paul Moore wrote: > > On Mon, Jun 28, 2021 at 1:13 PM Thomas Weißschuh > > wrote: > > > On Mo, 2021-06-28T12:59-0400, Paul Moore wrote: > > > > On Mon, Jun 28, 2021 at 9:25 AM Thomas We