The current version of audit has issues compiling (Debian Squeeze -- http://www.raspberrypi.org/downloads). The compiler complains about being unable to find SYS_RECVMMSG. The following patch solves this issue by removing potential problematic system calls from being compiled in when using the WITH_ARMEB directive. The patch was made against the latest stable release (audit 2.2.1) and tested under QEMU ARM with Debian Squeeze 6.0.
Signed-off by: Nathaniel Husted <[email protected]> diff -rpuN audit-2.2.1/auparse/socktab.h audit-2.2.1-patched/auparse/socktab.h --- audit-2.2.1/auparse/socktab.h 2012-03-23 08:42:42.000000000 -0400 +++ audit-2.2.1-patched/auparse/socktab.h 2012-06-15 16:13:12.470054242 -0400 @@ -39,6 +39,8 @@ _S(SYS_GETSOCKOPT, "getsockopt" ) _S(SYS_SENDMSG, "sendmsg" ) _S(SYS_RECVMSG, "recvmsg" ) _S(SYS_ACCEPT4, "accept4" ) +#ifndef WITH_ARMEB _S(SYS_RECVMMSG, "recvmmsg" ) _S(20, "sendmmsg" ) +#endif diff -rpuN audit-2.2.1/src/ausearch-lookup.c audit-2.2.1-patched/src/ausearch-lookup.c --- audit-2.2.1/src/ausearch-lookup.c 2012-03-23 08:42:41.000000000 -0400 +++ audit-2.2.1-patched/src/ausearch-lookup.c 2012-06-15 16:12:41.839801930 -0400 @@ -116,7 +116,9 @@ static struct nv_pair socktab[] = { {SYS_SENDMSG, "sendmsg"}, {SYS_RECVMSG, "recvmsg"}, {SYS_ACCEPT4, "accept4"}, + #ifndef WITH_ARMEB {SYS_RECVMMSG, "recvmmsg"}, + #endif {20, "sendmmsg"} }; #define SOCK_NAMES (sizeof(socktab)/sizeof(socktab[0])) -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
