I withdraw my question
 
I found that ctx = seccomp_init(SCMP_ACT_LOG)
prodiues SECCOMP messages in audit log
 
 
 
 
06.11.2017, 23:36, "Lev Olshvang" <levonshe@yandex.com>:
Hi List,
 
 
I am experimenting with sescomp (minijail) and audit v2.8.2 on Ubuntu kernel 4.4.0
 
I see in audit log ANOM_ABEND sig =6 events causes by seccomp, but no events of type SECCOMP
 
Perhaps some configuration in kernel missing, perhaps I should put some rules in audit rules
 
 
I also want to understand which seccomp return actions will be logged by Audit.
 
For example, seccomp have SECCOMP_RET_ALLOW, SECCOMP_RET_KILL, SECCOMP_RET_ERRNO
,SECCOMP_RET_TRAP, SECCOMP_RET_TRACE actions.
 
Which one of these actions is logged? Of cource I would prefer SECCOMP_RET_TRACE to be logged,
so I can create non-intrusive seccomp filter.
 
Thank you all for a time.
Lev.