On 05/01/2018 12:25 PM, Paul Moore wrote:
> On Tue, May 1, 2018 at 12:41 PM, Steve Grubb wrote:
>> On Tuesday, May 1, 2018 11:18:55 AM EDT Paul Moore wrote:
>>> On Fri, Apr 27, 2018 at 3:16 PM, Tyler Hicks wrote:
The decision to log a seccomp action
On Tue, May 1, 2018 at 12:41 PM, Steve Grubb wrote:
> On Tuesday, May 1, 2018 11:18:55 AM EDT Paul Moore wrote:
>> On Fri, Apr 27, 2018 at 3:16 PM, Tyler Hicks wrote:
>> > The decision to log a seccomp action will always be subject to the
>> > value of
On Tuesday, May 1, 2018 11:18:55 AM EDT Paul Moore wrote:
> On Fri, Apr 27, 2018 at 3:16 PM, Tyler Hicks wrote:
> > The decision to log a seccomp action will always be subject to the
> > value of the kernel.seccomp.actions_logged sysctl, even for processes
> > that are
On Fri, Apr 27, 2018 at 3:16 PM, Tyler Hicks wrote:
> The decision to log a seccomp action will always be subject to the
> value of the kernel.seccomp.actions_logged sysctl, even for processes
> that are being inspected via the audit subsystem, in an upcoming patch.
>
The decision to log a seccomp action will always be subject to the
value of the kernel.seccomp.actions_logged sysctl, even for processes
that are being inspected via the audit subsystem, in an upcoming patch.
Therefore, we need to emit an audit record on attempts at writing to the
actions_logged