[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

No audit records on FC5-t3 when arch is specified



Hi,
I just fresh installed a FC5-t3 (2.6.15-1.1955_FC5) on a ppc64 system and noticed the following behavior with auditctl:

Inserting an audit rule in following manner works (ie. there is record for rule addition, and it generates a record when the syscall is executed)
	auditctl -a action,list -S syscall

However, the following does not work (ie. there is a record that a rule was added in log, but no record is generated when syscall is executed)
	auditctl -a action,list -F arch=b32 -S syscall	or
	auditctl -a action,list -F arch=b64 -S syscall

The version of auditctl on the system is audit-1.1.4-5.1

Michael tried this on an i386 FC5-t3 and he sees the same problem. But on an i386 with latest lspp.10 kernel everything works fine.

Has anyone experienced this problem?

- Loulwa


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]