On Monday, February 03, 2014 03:57:56 PM AKASHI Takahiro wrote: > On ARM, endianness doesn't make any differences on auditing. > See the discussion below: > http://permalink.gmane.org/gmane.linux.ports.arm.kernel/165266 > In this version, mistakenly-used "ARMEB" and "armeb" are substituted > with "ARM" and "arm" respectively in Patches [1,2/4]. > > patch [3/4] adds more system call definitions for aarch64 (or arm64 in > kernel) that are missing in the current implementation. > https://www.redhat.com/archives/linux-audit/2013-November/msg00082.html > > Patch [4/4] enables auditing 32-bit tasks (ie. auditctl -F arch=b32) on > aarch64. > > This code replies on my kernel patch for aarch64 support, and > was tested on armv8 fast model with 32-bit/64-bit userland: > 1) basic operations with auditctl/autrace > # auditctl -a exit,always -S openat -F path=/etc/inittab > # auditctl -a exit,always -F dir=/tmp -F perm=rw > # auditctl -a task,always > # autrace /bin/ls > by comparing output from autrace with one from strace > > 2) audit-test-code (+ my workarounds for arm/arm64) > by running "audit-tool", "filter" and "syscalls" test categories.
Thanks. This set of patches have been applied in svn. It would be good to double check that arm still works for everyone. It does change --with-armeb to --with-arm. This is something all distributions and testers would need to fix in their build system. Please let me know if there are any other updates needed. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
