+
+ # Same thing but with "kernel:syscall" type instead:
+ test_success "--condition event-rule-matches one syscall" \
+ --condition event-rule-matches --domain=kernel --type=kernel:syscall --name=open \
+ --action notify
+
+ test_success "--condition event-rule-matches one kernel:syscall:entry" \
+ --condition event-rule-matches --domain=kernel --type=kernel:syscall:entry --name=open \
+ --action notify
+ test_success "--condition event-rule-matches one kernel:syscall:exit" \
+ --condition event-rule-matches --domain=kernel --type=kernel:syscall:exit --name=open \
+ --action notify
+ test_success "--condition event-rule-matches one kernel:syscall:entry-exit" \
+ --condition event-rule-matches --domain=kernel --type=kernel:syscall:entry+exit --name=open \
+ --action notify
+