Missing "nametype" field in audit PATH records

Discussion:

Missing "nametype" field in audit PATH records

Nimrod Ostrovsky

2018-05-29 14:42:11 UTC

Hello,

I use the latest audit-userspace version on kernel 3.0.21, and Im trying
to compile a dispatcher app for audispd.
The problem is that PATH records does not have the "nametype" field in in
this kernel version, and I want to be able to distinct between "parent"
PATH records and any other types.

Any ideas how to solve this issue?
(Without having to upgrade the kernel)

Cheers,
Nimrod.

--
<https://automotive.knect365.com/tu-auto-detroit/registration>

Steve Grubb

2018-06-06 18:26:01 UTC

Post by Nimrod Ostrovsky
Hello,
I use the latest audit-userspace version on kernel 3.0.21, and Im trying
to compile a dispatcher app for audispd.
The problem is that PATH records does not have the "nametype" field in in
this kernel version, and I want to be able to distinct between "parent"
PATH records and any other types.
Any ideas how to solve this issue?
(Without having to upgrade the kernel)

Looks like that landed in the 3.10 kernel. Short of backporting nametype
support to your kernel, there is nothing else that you can do.

-Steve

1 Reply
3 Views
Permalink to this page
Disable enhanced parsing

Thread Navigation

Nimrod Ostrovsky 2018-05-29 14:42:11 UTC

Steve Grubb 2018-06-06 18:26:01 UTC

about - legalese

Loading...