Re: [PATCH v3 0/4] audit(userspace): Improve arm/aarch64 support

On ARM, endianness doesn't make any differences on auditing. See the discussion below: http://permalink.gmane.org/gmane.linux.ports.arm.kernel/165266 In this version, mistakenly-used "ARMEB" and "armeb" are substituted with "ARM" and "arm" respectively in Patches [1,2/4]. patch [3/4] adds more system call definitions for aarch64 (or arm64 in kernel) that are missing in the current implementation. https://www.redhat.com/archives/linux-audit/2013-November/msg00082.html Patch [4/4] enables auditing 32-bit tasks (ie. auditctl -F arch=b32) on aarch64. This code replies on my kernel patch for aarch64 support, and was tested on armv8 fast model with 32-bit/64-bit userland: 1) basic operations with auditctl/autrace # auditctl -a exit,always -S openat -F path=/etc/inittab # auditctl -a exit,always -F dir=/tmp -F perm=rw # auditctl -a task,always # autrace /bin/ls by comparing output from autrace with one from strace 2) audit-test-code (+ my workarounds for arm/arm64) by running "audit-tool", "filter" and "syscalls" test categories.