This patchset adds a new AUDIT_TIME_ADJUSTED record type, which is associated to the adjtimex(2) syscall record whenever it is invoked in non-read-only mode.
Changes in v2: - The audit_adjtime() function has been modified to only log those fields that contain values that are actually used, resulting in more compact records. - The audit_adjtime() call has been moved to do_adjtimex() in timekeeping.c - Added an additional patch (for review) that simplifies the detection if the syscall is read-only. -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
