Add a parser to parse subject attributes from EVENT_LISTENER and NETFILTER_CFG record types.
This is a new order for subject attributes for two record types that usually occur in user context and therefore would be informed by a SYSCALL record, but occasionally stand alone and need the subject attributes added. In the case of the NETFILTER_CFG event, since it is kernel-initiated, several of the subject attributes are unset and meaningless in the kernel context and duplicates in user context, hence removed.

Please see the upstream issues
https://github.com/linux-audit/audit-kernel/issues/28 and
https://github.com/linux-audit/audit-kernel/issues/25 .

changelog:
v6
- remove uid, auid as duplicates or unset

v1-4
- no userspace patches

Richard Guy Briggs (2):
  ausearch-parse: add parser for YAASAO
  ausearch-parse: mod parser for YAASAO for NETFILTER_CFG

 src/ausearch-parse.c | 168 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 167 insertions(+), 1 deletion(-)

--
1.8.3.1
