Hi List,
I am experimenting with seccomp (minijail) and audit v2.8.2 on Ubuntu kernel 4.4.0.
I see ANOM_ABEND sig=6 events caused by seccomp in the audit log, but no events of type SECCOMP.
Perhaps some configuration in the kernel is missing, perhaps I should put some rules in the audit rules.
I also want to understand which seccomp return actions will be logged by Audit.
For example, seccomp has the SECCOMP_RET_ALLOW, SECCOMP_RET_KILL, SECCOMP_RET_ERRNO,
SECCOMP_RET_TRAP and SECCOMP_RET_TRACE actions.
Which one of these actions is logged? Of course I would prefer SECCOMP_RET_TRACE to be logged,
so I can create a non-intrusive seccomp filter.
Thank you all for your time.
Lev.