Hello,
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit. It will also be in rawhide
soon. The ChangeLog is:
- In auparse_classify, handle simple SYSCALL events
- In auparse_classify, correct identification of execve object
- In auparse, load interpretations when auparse_find_field_next changes record
- In auparse_classify, collect some new object data on some syscalls
- In auparse_classify, make sure session is cleared on each new event
- In ausearch, only add the separator for enriched events (#1406328)
- In auparse_classify, add more syscalls to action map
- In auparse_classify, fix mode conversion so file object classification works
- Do not let libev process SIGCHLD
- In auditd, install temporary SIGCHLD handler until libev starts
- Fix signal handling in audispd so that it responds faster
- In auditd, fix descriptor setup when initializing the dispatcher
- In auparse_classify, only collect syscall subj attributes when asked
- Add auparse_classify_key function to auparse
- In auparse_classify, handle more common interpreters
- Add support in auditctl to reset the lost record counter
The main goal of this update is to cleanup the auparse_classify interface to
auparse. It should now be in good shape. I will be explaining what this is for
and how it can be used in the near future.
Aside from this, a bug was fixed in the descriptor handling when starting audispd.
If anyone has their own dispatcher, you might want to carefully test before
moving to this release. Another bug was fixed in how audispd responds to
signals. Shutdown and reconfigure should be much faster now.
The one other feature in this release is the addition of a new auditctl
command, --reset-lost. If you run auditctl -s it reports how many lost records
have occurred. If you'd like to track this on a daily basis, you can now issue
the --reset-lost command and if the kernel supports this, it will reset the
number to 0.
Please let me know if you run across any problems with this release.
-Steve
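The daily tracking routine described in the announcement, written out as an added example (this is not code from the announcement or from the audit project): read the lost-record counter from `auditctl -s`, append it to a log, and clear it with `--reset-lost` so each day's entry is that day's count rather than a running total. The `lost` line in the status output is real, but the sample status text below is constructed for offline testing, and the log path `/var/log/audit-lost.log` is an arbitrary choice.

```shell
#!/bin/sh
# Added example: log and reset the audit lost-record counter once a day.
# Not part of the audit project; assumes auditctl 2.x-style `-s` output.

# Constructed sample of `auditctl -s` output, used only for offline testing.
SAMPLE_STATUS='enabled 1
failure 1
pid 2207
rate_limit 0
backlog_limit 8192
lost 17
backlog 0'

# Print the value of the "lost" line from auditctl -s output given on stdin.
# Exit non-zero if the line is missing, so callers notice a format change.
lost_count() {
    awk '$1 == "lost" { print $2; found = 1 } END { exit found ? 0 : 1 }'
}

# A reset is only worth issuing when the counter is actually non-zero.
needs_reset() {
    [ "$1" -gt 0 ] 2>/dev/null
}

# Live run (root): record today's count, then reset it if the kernel supports
# --reset-lost. On an older kernel auditctl fails and the counter is left alone.
daily_lost_check() {
    logfile=${1:-/var/log/audit-lost.log}   # assumed path, pick your own
    status=$(auditctl -s) || return 1
    lost=$(printf '%s\n' "$status" | lost_count) || return 1
    printf '%s lost=%s\n' "$(date +%F)" "$lost" >> "$logfile"
    if needs_reset "$lost"; then
        auditctl --reset-lost
    fi
}

# Offline check against the constructed sample (no root or kernel needed).
sample_lost() {
    printf '%s\n' "$SAMPLE_STATUS" | lost_count
}

# Run from a daily cron job as root:
#   daily_lost_check /var/log/audit-lost.log
```

Because `--reset-lost` returns an error on kernels that lack the feature, the script only attempts the reset after the current value has already been logged, so the recorded history stays intact either way.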