RE: Seaudit in fedora Core 4

> On Thu, 2005-11-10 at 12:46 -0300, Ma. Alejandra Castillo wrote:
> > I am occupying the tool seaudit in fedora core 4, but the fields host
> > and executable they appear always empty, what is very strange. I am
> > charging /var/log/audit.log, some suggestion so that these fields
> > appear?
> 
> Logging of the executable path migrated from the SELinux avc audit code
> to the syscall audit code due to a deadlock issue, so avc messages only
> include the comm= information now.  However, whenever an avc message is
> generated, a syscall audit record is also generated when the syscall
> exits, and that includes the exe= information.  The two messages can be
> correlated using the audit event id.  I don't know if newer versions of
> seaudit perform such correlation or not.

We don't support the syscall records now, so correlation is not supported
either.  We are looking into this as it seems useful especially now that
there is less information in the avc messages.

Kevin Carr
Tresys Technology
410.290.1411 x137


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
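
Added example, not part of the original thread and not seaudit code: a sketch of the correlation described in the quoted reply, attaching the exe= value from a SYSCALL record to the AVC records that share its audit event id (the timestamp:serial pair inside msg=audit(...)). The log lines are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample records (not from the thread), in the usual
# "type=... msg=audit(<timestamp>:<serial>): ..." audit log layout.
SAMPLE_LOG = """\
type=AVC msg=audit(1131637560.123:456): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev=hda2 ino=4711 scontext=system_u:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=file
type=AVC msg=audit(1131637561.500:457): avc:  denied  { write } for  pid=2200 comm="my prog" name="out" dev=hda2 ino=4712 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:etc_t tclass=file
type=SYSCALL msg=audit(1131637560.123:456): arch=40000003 syscall=5 success=no exit=-13 items=1 pid=2101 auid=4294967295 uid=48 comm="httpd" exe="/usr/sbin/httpd"
type=SYSCALL msg=audit(1131637561.500:457): arch=40000003 syscall=5 success=no exit=-13 items=1 pid=2200 auid=500 uid=500 comm=6D792070726F67 exe=2F746D702F6D792070726F67
type=AVC msg=audit(1131637562.000:458): avc:  denied  { getattr } for  pid=2300 comm="ls" name="shadow" dev=hda2 ino=99 scontext=user_u:user_r:user_t tcontext=system_u:object_r:shadow_t tclass=file
"""

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """Quoted values are literal; unquoted hex values are hex-encoded strings."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value

def correlate(log_text):
    """One dict per AVC record, with exe from the SYSCALL record of the same event."""
    events = {}
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip lines that are not audit records
        rtype, stamp, serial, body = m.groups()
        # Group first: the SYSCALL record is written at syscall exit, after the AVC.
        ev = events.setdefault((stamp, serial), {"avc": [], "exe": None})
        fields = dict(FIELD.findall(body))
        if rtype == "AVC":
            ev["avc"].append(fields)
        elif rtype == "SYSCALL" and "exe" in fields:
            ev["exe"] = decode(fields["exe"])
    rows = []
    for (stamp, serial), ev in sorted(events.items(), key=lambda kv: int(kv[0][1])):
        for avc in ev["avc"]:
            rows.append({"event": f"{stamp}:{serial}", "comm": decode(avc.get("comm", "")),
                         "tclass": avc.get("tclass"), "exe": ev["exe"]})  # exe stays None if no SYSCALL record
    return rows

if __name__ == "__main__":
    for row in correlate(SAMPLE_LOG):
        print(row)
```
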
