Replace usage of libaudit function removed in v3.0.7#8401
Merged
directionless merged 1 commit intoosquery:masterfrom Dec 17, 2024
Merged
Replace usage of libaudit function removed in v3.0.7#8401directionless merged 1 commit intoosquery:masterfrom
directionless merged 1 commit intoosquery:masterfrom
Conversation
Member
directionless
left a comment
directionless
left a comment
There was a problem hiding this comment.
I'm not super familiar with how libaudit works -- I know osquery is (mostly), static but any chance this change extends into the whatever the underlying auditd system is?
The function audit_rule_syscall_data is since 24fa18cfea484b0e58ab02e71b9cc0bea87f6b00 [0] not part of libaudit's interface. [0]: linux-audit/audit-userspace@24fa18c
carlsmedstad
force-pushed
the
removed-libaudit-function
branch
from
0e9b480 to
9772b02
Compare
directionless
approved these changes
Dec 17, 2024
Member
directionless
left a comment
directionless
left a comment
There was a problem hiding this comment.
We talked about this in office hours today, and we think it's reasonable!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Hey 👋
The function
audit_rule_syscall_datais since linux-audit/audit-userspace@24fa18c not part of libaudit's interface.For context I'm currently in the process of updating the Arch Linux package for osquery and will attempt to upstream as many of the required patches as possible. The complete WIP patchset can be found in this branch: https://github.com/carlsmedstad/osquery/tree/build-on-archlinux
Cheers!