I withdraw my question
I found that ctx = seccomp_init(SCMP_ACT_LOG)
produces SECCOMP messages in audit log
06.11.2017, 23:36, "Lev Olshvang" <[email protected]>:
Hi List,
I am experimenting with seccomp (minijail) and audit v2.8.2 on Ubuntu kernel 4.4.0.
I see in the audit log ANOM_ABEND sig=6 events caused by seccomp, but no events of type SECCOMP.
Perhaps some configuration in the kernel is missing, perhaps I should put some rules in the audit rules.
I also want to understand which seccomp return actions will be logged by Audit.
For example, seccomp has SECCOMP_RET_ALLOW, SECCOMP_RET_KILL, SECCOMP_RET_ERRNO, SECCOMP_RET_TRAP, SECCOMP_RET_TRACE actions.
Which one of these actions is logged? Of course I would prefer SECCOMP_RET_TRACE to be logged, so I can create a non-intrusive seccomp filter.
Thank you all for your time.
Lev.
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
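Added example, not part of the original messages: a small Python decoder for the `code=` field of `type=SECCOMP` audit records, mapping it to the seccomp return action defined in `<linux/seccomp.h>`. The log lines are constructed samples and the function names are hypothetical.

```python
import re

# Action values from <linux/seccomp.h>. The upper 16 bits select the action,
# the lower 16 bits carry data (for example the errno for SECCOMP_RET_ERRNO).
SECCOMP_ACTIONS = {
    0x80000000: "SECCOMP_RET_KILL_PROCESS",
    0x00000000: "SECCOMP_RET_KILL",
    0x00030000: "SECCOMP_RET_TRAP",
    0x00050000: "SECCOMP_RET_ERRNO",
    0x7FC00000: "SECCOMP_RET_USER_NOTIF",
    0x7FF00000: "SECCOMP_RET_TRACE",
    0x7FFC0000: "SECCOMP_RET_LOG",
    0x7FFF0000: "SECCOMP_RET_ALLOW",
}

# key=value pairs; values are either double-quoted or run to the next space.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample records (not taken from a real system).
SAMPLE_LOG = """
type=SECCOMP msg=audit(1510000000.101:201): auid=1000 uid=1000 gid=1000 ses=2 pid=4242 comm="demo" exe="/usr/local/bin/demo" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0000001234 code=0x7ffc0000
type=ANOM_ABEND msg=audit(1510000001.202:202): auid=1000 uid=1000 gid=1000 ses=2 pid=4243 comm="demo" exe="/usr/local/bin/demo" sig=6
type=SECCOMP msg=audit(1510000002.303:203): auid=1000 uid=1000 gid=1000 ses=2 pid=4244 comm="demo" exe="/usr/local/bin/demo" sig=31 arch=c000003e syscall=59 compat=0 ip=0x7f0000005678 code=0x0
"""

def decode_code(code):
    """Split a seccomp return value into (action name, 16-bit data)."""
    action = code & 0xFFFF0000
    data = code & 0x0000FFFF
    return SECCOMP_ACTIONS.get(action, "unknown(0x%08x)" % action), data

def seccomp_events(log_text):
    """Return one dict per type=SECCOMP record, skipping all other record types."""
    events = []
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if fields.get("type") != "SECCOMP" or "code" not in fields:
            continue
        action, data = decode_code(int(fields["code"], 16))
        events.append({"pid": int(fields["pid"]),
                       "comm": fields["comm"].strip('"'),
                       "syscall": int(fields["syscall"]),
                       "action": action,
                       "data": data})
    return events

if __name__ == "__main__":
    for event in seccomp_events(SAMPLE_LOG):
        print(event)
```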
