On Fri, Aug 24, 2018 at 02:00:00PM +0200, Ondrej Mosnacek wrote: > This patch adds two auxiliary record types that will be used to annotate > the adjtimex SYSCALL records with the NTP/timekeeping values that have > been changed.
It seems the "adjust" function intentionally logs also calls/modes that don't actually change anything. Can you please explain it a bit in the message? NTP/PTP daemons typically don't read the adjtimex values in a normal operation and overwrite them on each update, even if they don't change. If the audit function checked that oldval != newval, the number of messages would be reduced and it might be easier to follow. -- Miroslav Lichvar -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
