On Thu, 2005-11-10 at 12:46 -0300, Ma. Alejandra Castillo wrote: > I am occupying the tool seaudit in fedora core 4, but the fields host > and executablee they appear always empty, what is very strange. I am > charging /var/log/audit.log, some suggestion so that these fields > appear? Logging of the executable path migrated from the SELinux avc audit code to the syscall audit code due to a deadlock issue, so avc messages only include the comm= information now. However, whenever an avc message is generated, a syscall audit record is also generated when the syscall exits, and that includes the exe= information. The two messages can be correlated using the audit event id. I don't know if newer versions of seaudit perform such correlation or not. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
