Oh in short my /etc/audit/rules.d/audit.rules looks like this:

    -D
    -b 8192
    -f 1
    -i
    --backlog_wait_time 0
    -w /etc/anacrontab -p w -k AU-FS01-0001
    [some more -w `foo` -p w -k `bar` here ...]

Has someone here tried https://bugzilla.redhat.com/show_bug.cgi?id=1117953 / adding a "-a task,never" to /etc/audit/rules.d/audit.rules? Is that a bit extensive?

However, https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/kernel/seccomp.c?id=326bee0286d7f6b0d780f5b75a35ea9fe489a802 looks very promising!

- /* - * Let the audit subsystem decide if the action should be audited based - * on whether the current task itself is being audited. - */ - return audit_seccomp(syscall, signr, action); + audit_seccomp(syscall, signr, action);

Thanks Tyler! :×

--
https://bugs.launchpad.net/bugs/1774711
Title: excessive seccomp audit logs
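
Review bot: the replacement call on the `+` line carries no comment, while the removed lines had one explaining that the audit subsystem decides based on whether the current task is being audited; add a one-line comment above `audit_seccomp(syscall, signr, action);` stating what now decides whether the action is logged. The call's result is also no longer returned, so check that the enclosing function still returns a value on every path after this line and that `audit_seccomp()` does not return a value that is now silently ignored.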
