Re: [PATCH v2 3/4] seccomp: Audit attempts to modify the actions_logged sysctl

2018-05-03 Thread Steve Grubb
On Thursday, May 3, 2018 6:36:18 PM EDT Tyler Hicks wrote: > On 05/03/2018 04:12 PM, Steve Grubb wrote: > > On Thursday, May 3, 2018 4:51:36 PM EDT Tyler Hicks wrote: > >> On 05/03/2018 03:48 PM, Paul Moore wrote: > >>> On Thu, May 3, 2018 at 4:42 PM, Steve Grubb wrote: > >>>> On Thursday, May 3,

Re: [PATCH v2 3/4] seccomp: Audit attempts to modify the actions_logged sysctl

2018-05-03 Thread Tyler Hicks
On 05/03/2018 04:12 PM, Steve Grubb wrote: > On Thursday, May 3, 2018 4:51:36 PM EDT Tyler Hicks wrote: >> On 05/03/2018 03:48 PM, Paul Moore wrote: >>> On Thu, May 3, 2018 at 4:42 PM, Steve Grubb wrote: >>>> On Thursday, May 3, 2018 4:18:26 PM EDT Paul Moore wrote: >>>>> On Wed, May 2, 2018 at 2:

Re: [PATCH v2 3/4] seccomp: Audit attempts to modify the actions_logged sysctl

2018-05-03 Thread Steve Grubb
On Thursday, May 3, 2018 4:51:36 PM EDT Tyler Hicks wrote: > On 05/03/2018 03:48 PM, Paul Moore wrote: > > On Thu, May 3, 2018 at 4:42 PM, Steve Grubb wrote: > >> On Thursday, May 3, 2018 4:18:26 PM EDT Paul Moore wrote: > >>> On Wed, May 2, 2018 at 2:18 PM, Steve Grubb wrote: > >>>> On Wednesday

Re: [PATCH v2 3/4] seccomp: Audit attempts to modify the actions_logged sysctl

2018-05-03 Thread Tyler Hicks
On 05/03/2018 03:48 PM, Paul Moore wrote: > On Thu, May 3, 2018 at 4:42 PM, Steve Grubb wrote: >> On Thursday, May 3, 2018 4:18:26 PM EDT Paul Moore wrote: >>> On Wed, May 2, 2018 at 2:18 PM, Steve Grubb wrote: >>>> On Wednesday, May 2, 2018 11:53:19 AM EDT Tyler Hicks wrote: >>>>> The decision t

Re: [PATCH v2 3/4] seccomp: Audit attempts to modify the actions_logged sysctl

2018-05-03 Thread Paul Moore
On Thu, May 3, 2018 at 4:42 PM, Steve Grubb wrote: > On Thursday, May 3, 2018 4:18:26 PM EDT Paul Moore wrote: >> On Wed, May 2, 2018 at 2:18 PM, Steve Grubb wrote: >> > On Wednesday, May 2, 2018 11:53:19 AM EDT Tyler Hicks wrote: >> >> The decision to log a seccomp action will always be subject

Re: [PATCH v2 3/4] seccomp: Audit attempts to modify the actions_logged sysctl

2018-05-03 Thread Steve Grubb
On Thursday, May 3, 2018 4:18:26 PM EDT Paul Moore wrote: > On Wed, May 2, 2018 at 2:18 PM, Steve Grubb wrote: > > On Wednesday, May 2, 2018 11:53:19 AM EDT Tyler Hicks wrote: > >> The decision to log a seccomp action will always be subject to the > >> value of the kernel.seccomp.actions_logged sy

Re: [PATCH v2 3/4] seccomp: Audit attempts to modify the actions_logged sysctl

2018-05-03 Thread Paul Moore
On Wed, May 2, 2018 at 2:18 PM, Steve Grubb wrote: > On Wednesday, May 2, 2018 11:53:19 AM EDT Tyler Hicks wrote: >> The decision to log a seccomp action will always be subject to the >> value of the kernel.seccomp.actions_logged sysctl, even for processes >> that are being inspected via the audit

Re: [PATCH v2 3/4] seccomp: Audit attempts to modify the actions_logged sysctl

2018-05-02 Thread James Morris
On Wed, 2 May 2018, Tyler Hicks wrote: > type=CONFIG_CHANGE msg=audit(1525275325.613:142): op=seccomp-logging > actions=kill_process,kill_thread,errno,trace,log > old-actions=kill_process,kill_thread,errno,trace,log res=1 > > No audit records are generated when reading the actions_logged sysct

Re: [PATCH v2 3/4] seccomp: Audit attempts to modify the actions_logged sysctl

2018-05-02 Thread Steve Grubb
On Wednesday, May 2, 2018 11:53:19 AM EDT Tyler Hicks wrote: > The decision to log a seccomp action will always be subject to the > value of the kernel.seccomp.actions_logged sysctl, even for processes > that are being inspected via the audit subsystem, in an upcoming patch. > Therefore, we need to

[PATCH v2 3/4] seccomp: Audit attempts to modify the actions_logged sysctl

2018-05-02 Thread Tyler Hicks
The decision to log a seccomp action will always be subject to the value of the kernel.seccomp.actions_logged sysctl, even for processes that are being inspected via the audit subsystem, in an upcoming patch. Therefore, we need to emit an audit record on attempts at writing to the actions_logged sy