For 32-bit task auditing (-F arch=b32), internally-used machine type will be overwritten to MACH_ARM[EB] in order to use a correct system call lookup table.
Signed-off-by: AKASHI Takahiro <[email protected]> --- lib/libaudit.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/libaudit.c b/lib/libaudit.c index 77b3f9b..df2af2a 100644 --- a/lib/libaudit.c +++ b/lib/libaudit.c @@ -1306,6 +1306,12 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, else if (bits == ~__AUDIT_ARCH_64BIT && machine == MACH_S390X) machine = MACH_S390; + else if (bits == ~__AUDIT_ARCH_64BIT && + machine == MACH_AARCH64) + machine = MACH_ARM; + else if (bits == ~__AUDIT_ARCH_64BIT && + machine == MACH_AARCH64EB) + machine = MACH_ARMEB; /* Check for errors - return -6 * We don't allow 32 bit machines to specify -- 1.7.9.5 -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
