Re: audit userspace problems with io_uring async ops
On Tue, Mar 7, 2023 at 4:17 PM Steve Grubb <sgrubb(a)redhat.com> wrote:
Hello Paul,
On Tuesday, February 28, 2023 5:04:04 PM EST Paul Moore wrote:
> ... if you look closely you'll notice that the #289 event (the async
> URINGOP) is missing from the ausearch output.
Thanks for the bug report. Let me know if you see anything else.
Upstream commit 7d35e14 should fix parsing URINGOP and DM_CTRL records.
Finally got a chance to try the fix, and it looks like it solves the
problem for me. Thanks.
In case anyone wants a hacky patched source RPM, I put the copy I'm
using at the link below:
* https://drop.paul-moore.com/120.OH1C/audit-3.1-2.1.secnext.fc39.src.rpm
[The link above should work for the next 120 days]
--
paul-moore.com