Re: Bug from audit.81 -> audit.82 & higher
On Tuesday 02 August 2005 17:03, Michael C Thompson wrote:
auditctl -a entry,always -S open -F a2=448 -F exit!=0 -F auid=500 -F
euid=0
You can't check exit at syscall entry. Does taking that out fix the problem?
You cannot check: exit, success, major, minor, or inode at syscall entry.
-Steve