* Problems with linux audit system in nested VM
@ 2021-04-30 13:07 punnal baloch
0 siblings, 0 replies; only message in thread
From: punnal baloch @ 2021-04-30 13:07 UTC (permalink / raw)
To: linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 839 bytes --]
Hi,
I am trying to run the Linux audit system in a nested Virtual machine on
the google cloud engine. The problem I am facing is that the Linux Audit
System suspends after showing the following error after a few minutes when
I view the auditd status.
جنوری 29 16:53:42 fuzzer-VirtualBox auditd[294]: Audit daemon has no space
left on logging partition
جنوری 29 16:53:42 fuzzer-VirtualBox auditd[294]: Audit daemon is suspending
logging due to no space left on logging partition.
I checked using the df -h command and found out that there was around 6GB
of free space on the logging partition so I did not understand why this
error is occuring. Can you provide me a solution? Could this be because of
nested virtualization?
Please find attached my audit.rules and auditd.conf files.
Regards,
Punnal
[-- Attachment #1.2: Type: text/html, Size: 3171 bytes --]
[-- Attachment #2: auditd.conf --]
[-- Type: application/octet-stream, Size: 809 bytes --]
#
# This file controls the configuration of the audit daemon
#
local_events = yes
write_logs = yes
log_file = /var/log/audit/audit.log
log_group = adm
log_format = RAW
flush = INCREMENTAL_ASYNC
freq = 50
max_log_file = 24
num_logs = 50
priority_boost = 4
disp_qos = lossy
dispatcher = /sbin/audispd
name_format = NONE
##name = mydomain
max_log_file_action = keep_logs
space_left = 75
space_left_action = SYSLOG
verify_email = yes
action_mail_acct = root
admin_space_left = 50
admin_space_left_action = SUSPEND
disk_full_action = SUSPEND
disk_error_action = SUSPEND
use_libwrap = yes
##tcp_listen_port = 60
tcp_listen_queue = 5
tcp_max_per_addr = 1
##tcp_client_ports = 1024-65535
tcp_client_max_idle = 0
enable_krb5 = no
krb5_principal = auditd
##krb5_key_file = /etc/audit/audit.key
distribute_network = no
[-- Attachment #3: audit.rules --]
[-- Type: application/octet-stream, Size: 33863 bytes --]
## First rule - delete all
-D
## Increase the buffers to survive stress events.
## Make this bigger for busy systems
## -b 8192
## -b 32768
-b 8192
## This determine how long to wait in burst of events
--backlog_wait_time 0
## Set failure mode to syslog
-f 1
## My Rules
## -a always,exit -F arch=b64 -S connect -key=connect
## -a always,exit -F arch=b64 -S accept -key=accept
## -a always,exit -F arch=b64 -S kill -key=kill
## -a always,exit -F arch=b64 -S chown -key=chown
## -a always,exit -F arch=b64 -S creat -key=creat
## -a always,exit -F arch=b64 -S shmget -key=shmget
-a always,exit -F exe=/syz-executor -F arch=b64 -S open -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S stat -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S poll -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S lseek -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S munmap -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S rt_sigaction -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S rt_sigprocmask -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S rt_sigreturn -key=all
# -a always,exit -F exe=/syz-executor -F arch=b64 -S pread64 -key=all
# -a always,exit -F exe=/syz-executor -F arch=b64 -S pwrite64 -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S readv -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S writev -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S pipe -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S select -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S sched_yield -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S mremap -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S msync -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S mincore -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S madvise -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S shmget -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S shmat -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S shmctl -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S dup -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S dup2 -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S pause -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S getitimer -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S alarm -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S setitimer -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S getpid -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S sendfile -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S connect -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S accept -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S sendto -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S recvfrom -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S sendmsg -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S recvmsg -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S shutdown -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S bind -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S listen -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S getsockname -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S getpeername -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S socketpair -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S execve -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S exit -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S uname -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S semget -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S semop -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S semctl -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S shmdt -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S msgget -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S msgsnd -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S msgrcv -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S msgctl -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S fcntl -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S flock -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S fsync -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S fdatasync -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S truncate -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S ftruncate -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S getcwd -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S fchdir -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S rename -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S creat -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S link -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S readlink -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S chmod -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S fchmod -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S chown -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S fchown -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S lchown -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S getrlimit -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S getrusage -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S sysinfo -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S times -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S ptrace -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S getuid -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S syslog -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S getgid -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S setuid -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S setgid -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S geteuid -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S getegid -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S getpgrp -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S setreuid -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S setregid -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S getgroups -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S setgroups -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S setresuid -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S getresuid -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S setresgid -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S getresgid -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S getpgid -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S setfsuid -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S setfsgid -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S capget -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S capset -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S rt_sigpending -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S rt_sigtimedwait -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S rt_sigqueueinfo -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S rt_sigsuspend -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S sigaltstack -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S utime -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S mknod -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S uselib -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S personality -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S ustat -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S statfs -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S fstatfs -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S sysfs -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S getpriority -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S setpriority -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S sched_setparam -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S sched_getparam -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S sched_setscheduler -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S sched_getscheduler -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S sched_rr_get_interval -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S mlock -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S munlock -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S mlockall -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S munlockall -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S modify_ldt -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S pivot_root -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S arch_prctl -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S setrlimit -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S chroot -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S sync -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S acct -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S mount -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S iopl -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S ioperm -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S init_module -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S delete_module -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S quotactl -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S gettid -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S readahead -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S setxattr -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S lsetxattr -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S fsetxattr -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S getxattr -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S lgetxattr -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S fgetxattr -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S listxattr -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S llistxattr -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S flistxattr -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S removexattr -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S lremovexattr -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S fremovexattr -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S tkill -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S time -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S sched_setaffinity -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S sched_getaffinity -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S set_thread_area -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S io_setup -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S io_destroy -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S io_getevents -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S io_submit -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S io_cancel -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S get_thread_area -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S lookup_dcookie -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S epoll_create -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S remap_file_pages -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S getdents64 -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S set_tid_address -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S restart_syscall -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S semtimedop -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S fadvise64 -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S timer_create -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S timer_settime -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S timer_gettime -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S timer_getoverrun -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S timer_delete -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S clock_settime -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S clock_getres -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S clock_nanosleep -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S epoll_wait -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S epoll_ctl -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S tgkill -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S utimes -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S mbind -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S set_mempolicy -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S get_mempolicy -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S mq_open -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S mq_unlink -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S mq_timedsend -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S mq_timedreceive -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S mq_notify -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S mq_getsetattr -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S kexec_load -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S waitid -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S add_key -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S request_key -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S keyctl -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S ioprio_set -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S ioprio_get -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S inotify_init -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S inotify_add_watch -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S inotify_rm_watch -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S migrate_pages -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S mkdirat -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S mknodat -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S fchownat -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S futimesat -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S newfstatat -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S unlinkat -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S renameat -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S linkat -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S symlinkat -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S readlinkat -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S fchmodat -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S faccessat -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S pselect6 -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S ppoll -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S unshare -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S get_robust_list -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S splice -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S tee -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S sync_file_range -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S vmsplice -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S move_pages -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S utimensat -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S epoll_pwait -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S signalfd -key=all
# -a always,exit -F exe=/syz-executor -F arch=b64 -S timerfd_create -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S eventfd -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S fallocate -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S timerfd_settime -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S timerfd_gettime -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S accept4 -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S signalfd4 -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S eventfd2 -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S epoll_create1 -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S dup3 -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S pipe2 -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S inotify_init1 -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S preadv -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S pwritev -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S rt_tgsigqueueinfo -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S perf_event_open -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S recvmmsg -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S fanotify_init -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S fanotify_mark -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S prlimit64 -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S name_to_handle_at -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S open_by_handle_at -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S clock_adjtime -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S syncfs -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S sendmmsg -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S setns -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S process_vm_readv -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S process_vm_writev -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S kcmp -key=all
-a always,exit -F exe=/syz-executor -F arch=b64 -S finit_module -key=all
# Rules for c program
-a always,exit -F exe=/a.out -F arch=b64 -S open -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S stat -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S poll -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S lseek -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S munmap -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S rt_sigaction -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S rt_sigprocmask -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S rt_sigreturn -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S readv -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S writev -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S pipe -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S select -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S sched_yield -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S mremap -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S msync -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S mincore -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S madvise -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S shmget -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S shmat -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S shmctl -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S dup -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S dup2 -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S pause -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S getitimer -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S alarm -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S setitimer -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S getpid -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S sendfile -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S connect -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S accept -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S sendto -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S recvfrom -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S sendmsg -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S recvmsg -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S shutdown -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S bind -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S listen -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S getsockname -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S getpeername -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S socketpair -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S execve -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S exit -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S uname -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S semget -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S semop -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S semctl -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S shmdt -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S msgget -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S msgsnd -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S msgrcv -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S msgctl -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S fcntl -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S flock -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S fsync -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S fdatasync -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S truncate -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S ftruncate -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S getcwd -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S fchdir -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S rename -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S creat -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S link -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S readlink -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S chmod -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S fchmod -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S chown -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S fchown -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S lchown -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S getrlimit -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S getrusage -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S sysinfo -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S times -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S ptrace -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S getuid -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S syslog -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S getgid -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S setuid -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S setgid -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S geteuid -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S getegid -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S getpgrp -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S setreuid -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S setregid -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S getgroups -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S setgroups -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S setresuid -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S getresuid -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S setresgid -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S getresgid -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S getpgid -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S setfsuid -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S setfsgid -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S capget -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S capset -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S rt_sigpending -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S rt_sigtimedwait -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S rt_sigqueueinfo -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S rt_sigsuspend -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S sigaltstack -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S utime -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S mknod -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S uselib -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S personality -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S ustat -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S statfs -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S fstatfs -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S sysfs -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S getpriority -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S setpriority -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S sched_setparam -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S sched_getparam -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S sched_setscheduler -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S sched_getscheduler -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S sched_rr_get_interval -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S mlock -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S munlock -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S mlockall -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S munlockall -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S modify_ldt -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S pivot_root -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S arch_prctl -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S setrlimit -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S chroot -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S sync -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S acct -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S mount -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S iopl -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S ioperm -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S init_module -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S delete_module -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S quotactl -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S gettid -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S readahead -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S setxattr -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S lsetxattr -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S fsetxattr -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S getxattr -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S lgetxattr -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S fgetxattr -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S listxattr -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S llistxattr -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S flistxattr -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S removexattr -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S lremovexattr -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S fremovexattr -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S tkill -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S time -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S sched_setaffinity -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S sched_getaffinity -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S set_thread_area -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S io_setup -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S io_destroy -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S io_getevents -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S io_submit -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S io_cancel -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S get_thread_area -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S lookup_dcookie -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S epoll_create -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S remap_file_pages -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S getdents64 -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S set_tid_address -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S restart_syscall -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S semtimedop -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S fadvise64 -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S timer_create -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S timer_settime -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S timer_gettime -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S timer_getoverrun -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S timer_delete -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S clock_settime -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S clock_getres -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S clock_nanosleep -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S epoll_wait -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S epoll_ctl -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S tgkill -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S utimes -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S mbind -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S set_mempolicy -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S get_mempolicy -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S mq_open -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S mq_unlink -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S mq_timedsend -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S mq_timedreceive -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S mq_notify -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S mq_getsetattr -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S kexec_load -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S waitid -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S add_key -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S request_key -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S keyctl -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S ioprio_set -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S ioprio_get -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S inotify_init -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S inotify_add_watch -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S inotify_rm_watch -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S migrate_pages -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S mkdirat -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S mknodat -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S fchownat -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S futimesat -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S newfstatat -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S unlinkat -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S renameat -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S linkat -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S symlinkat -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S readlinkat -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S fchmodat -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S faccessat -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S pselect6 -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S ppoll -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S unshare -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S get_robust_list -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S splice -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S tee -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S sync_file_range -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S vmsplice -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S move_pages -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S utimensat -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S epoll_pwait -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S signalfd -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S eventfd -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S fallocate -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S timerfd_settime -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S timerfd_gettime -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S accept4 -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S signalfd4 -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S eventfd2 -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S epoll_create1 -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S dup3 -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S pipe2 -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S inotify_init1 -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S preadv -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S pwritev -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S rt_tgsigqueueinfo -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S perf_event_open -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S recvmmsg -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S fanotify_init -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S fanotify_mark -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S prlimit64 -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S name_to_handle_at -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S open_by_handle_at -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S clock_adjtime -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S syncfs -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S sendmmsg -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S setns -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S process_vm_readv -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S process_vm_writev -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S kcmp -key=all
-a always,exit -F exe=/a.out -F arch=b64 -S finit_module -key=all
[-- Attachment #4: Type: text/plain, Size: 106 bytes --]
--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-04-30 13:08 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-30 13:07 Problems with linux audit system in nested VM punnal baloch
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.