[RFC] audit support for BPF notification
Jiri Olsa
jolsa at redhat.com
Fri Aug 9 14:18:31 UTC 2019
hi,
I posted initial change that allows auditd to log BPF program
load/unload events, it's in here:
https://github.com/linux-audit/audit-userspace/pull/104
We tried to push pure AUDIT interface for BPF program notification,
but it was denied, the discussion is in here:
https://marc.info/?t=153866123200003&r=1&w=2
The outcome of the discussion was to use perf event interface
for BPF notification and use it in some deamon.. audit was our
first choice.
thoughts?
thanks,
jirka
More information about the Linux-audit
mailing list