Replace usage of libaudit function removed in v3.0.7 by carlsmedstad · Pull Request #8401 · osquery/osquery
Conversation
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not super familiar with how libaudit works -- I know osquery is (mostly), static but any chance this change extends into the whatever the underlying auditd system is?
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We talked about this in office hours today, and we think it's reasonable!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters