On 14/09/28, Tetsuo Handa wrote:
> (Q2) Does auxiliary record work with only type=SYSCALL case?
Auxiliary records don't work with AUDIT_LOGIN because that record has a
NULL context. Similarly for core dumps (AUDIT_ANOM_ABEND), AUDIT_SECCOMP,
configuration changes (AUDIT_CONFIG_CHANGE, AUDIT_FEATURE_CHANGE), most
(all?) AUDIT_USER_* messages.
Regards.
- RGB
--
Richard Guy Briggs <rbriggs(a)redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545