No audit records on FC5-t3 when arch is specified

Wednesday, 1 March 2006

Hi,
I just fresh installed a FC5-t3 (2.6.15-1.1955_FC5) on a ppc64 system 
and noticed the following behavior with auditctl:

Inserting an audit rule in following manner works (ie. there is record 
for rule addition, and it generates a record when the syscall is executed)
	auditctl -a action,list -S syscall

However, the following does not work (ie. there is a record that a rule 
was added in log, but no record is generated when syscall is executed)
	auditctl -a action,list -F arch=b32 -S syscall	or
	auditctl -a action,list -F arch=b64 -S syscall

The version of auditctl on the system is audit-1.1.4-5.1

Michael tried this on an i386 FC5-t3 and he sees the same problem. But 
on an i386 with latest lspp.10 kernel everything works fine.

Has anyone experienced this problem?

- Loulwa

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

No audit records on FC5-t3 when arch is specified