Hi, When I use "auditctl -a exit,always -S 2015" in x86 system, this rule can be added. But I thought it would report error since there is not such syscall number "1000" in x86, the max is 318. If I use "auditctl -a exit,always -S 2016" in x86 system, it will report " Syscall name unknown: 2016". And it is the same with x86_64 and ia64. (syscalls in S390 and ppc syscall table is 1-318)
Is there any special reason to set the limitation as "2015"? Regards Chu Li -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
