On Monday 23 July 2007 07:44:42 am John D. Ramsdell wrote: > Enclosed is a patch for auparse/interpret.c that makes it so that > a0 is interpreted for clone flags, not a2.
Thanks...will appy. > It also fixes two problems with interpreting the fcntl system call. The > name of the system call is fcntl64, but the original code looked for the > name fcntl. It was doing: strncmp(sys, "fcntl", 5) == 0), which is not a full string compare. I think this is correct. > I have also added a case so that a2 is printed as FD_CLOEXEC whenever a1 is > F_SETFD and a2 is 1. Thanks...merging this piece. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
