On Tue, Mar 7, 2023 at 4:17 PM Steve Grubb <sgrubb(a)redhat.com> wrote:
> Hello Paul,
> On Tuesday, February 28, 2023 5:04:04 PM EST Paul Moore wrote:
> > ... if you look closely you'll notice that the #289 event (the async
> > URINGOP) is missing from the ausearch output.
> Thanks for the bug report. Let me know if you see anything else.
> Upstream commit 7d35e14 should fix parsing URINGOP and DM_CTRL records.
Thanks Steve. I'm working through the post merge window batch of
reviews/merging, but I'll give that commit a shot and let you know how
it goes.
> Btw, has anyone ever seen a DM_CTRL record? I don't think they are
> following our guidelines.
They were added back in the v5.16 timeframe:
* https://www.paul-moore.com/blog/d/2022/01/linux_v516.html
... with patches first being posted to the linux-audit@redhat list in
August 2021:
* https://lore.kernel.org/linux-audit/20210812145748.4460-1-michael.weiss@a...
--
paul-moore.com