I withdraw the previously submitted kernel patch. In addition to the errors already pointed out on this list, the patch was produced several months ago, and the kernel has changed since then. In addition, the audit records for execve and open in the latest kernel already include the information of interest. From the perspective of polgen, all that is currently missing is the file descriptors created by the pipe and socketpair system calls, and we'll be back with just that patch once it's properly prepared.
I have been relying on others to create kernel patches, and neglected to familiarize myself with the accepted practice for submitting patches. I will ensure that future patches follow the rules.

John

--
Linux-audit mailing list
https://www.redhat.com/mailman/listinfo/linux-audit
