X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=ta%2Finfra-ansible.git;a=blobdiff_plain;f=roles%2Faudit%2Ftemplates%2F43-module-load.rules.j2;h=e6f2ac4f58062bc039217fc3905e594a62f6d596;hp=8c266f5a51c2d629dbfb76b184ec9842cdad292f;hb=070e5c7e2d2ac18fc59f3fe83d364062f4883050;hpb=b2e13865c2b899ce48148879da20323bd9bc988c
diff --git a/roles/audit/templates/43-module-load.rules.j2 b/roles/audit/templates/43-module-load.rules.j2
index 8c266f5..e6f2ac4 100644
--- a/roles/audit/templates/43-module-load.rules.j2
+++ b/roles/audit/templates/43-module-load.rules.j2
@@ -1,6 +1,13 @@
 ## These rules watch for kernel module insertion
+{%- set S_create_module = '-S create_module' %}
+{%- set S_kexec_file_load = '-S kexec_file_load' %}
+{# Filter syscalls not available on certain platforms #}
+{% if ansible_architecture in ['aarch64'] %}
+ {%- set S_create_module = '' %}
+ {%- set S_kexec_file_load = '' %}
+{% endif %}
 -w /usr/sbin/insmod -p x -k modules
 -w /usr/sbin/rmmod -p x -k modules
 -w /usr/sbin/modprobe -p x -k modules
--a always,exit -F arch=b64 -S init_module -S delete_module -S create_module -S finit_module -S kexec_file_load -S kexec_load -k modules
--a always,exit -F arch=b32 -S init_module -S delete_module -S create_module -S finit_module -k modules
+-a always,exit -F arch=b64 -S init_module -S delete_module {{ S_create_module }} -S finit_module {{ S_kexec_file_load }} -S kexec_load -k modules
+-a always,exit -F arch=b32 -S init_module -S delete_module {{ S_create_module }} -S finit_module -k modules
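Review bot: The `{%-` on the first added `set` strips the newline that ends the `## These rules watch for kernel module insertion` comment, and if the template is rendered with Ansible's default `trim_blocks` the newline after each following tag is consumed as well, so `-w /usr/sbin/insmod -p x -k modules` would end up on the comment line and never be loaded as a watch. Dropping the leading dash on that one tag, `{% set S_create_module = '-S create_module' %}`, keeps the comment on its own line; the rendered rules file is worth confirming on a host with `auditctl -l`. Separately, on aarch64 the b64 rule now silently omits `kexec_file_load`, and newer arm64 kernels appear to implement that syscall, so gating on whether the installed auditctl recognises the name rather than on `ansible_architecture` alone would avoid leaving that load path unaudited.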