On 01.07.25 at 18:11, Casey Schaufler wrote:
> On 6/30/2025 11:42 PM, Ede Wolf wrote:
>> Hi,
>>
>> we would like to convert our old-style syntax, like
>>
>> -w /etc/crontab -p wa -l some_label
>>
>> to the new style
>>
>> -a exit,always. -S unlink...
>>
>> Just wondering, is there a table that translates the permission
>> (r,w,x,a) into their respective syscalls?
>
> Could you explain the question in more detail? I'm having trouble understanding
> the question.


Sure, but I would like to know: what is unclear?

When audit watches a file for changes (or access), be it read, write, execute or modification of its attributes, those changes are translated into syscalls. To my little understanding.

And I was wondering whether there is a translation available that lists, e.g., that a file "read" can mean one of these syscalls:

read
pread
readv
readlink
preadv
preadv2

Now, this list is obviously wrong, but maybe there is a (kind of) authoritative one around.
_______________________________________________
Linux-audit mailing list -- linux-audit@lists.linux-audit.osci.io
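
Added example, not part of the original mail and not code from the audit project: auditctl's syscall-rule form takes the same permission letters through `-F perm=`, so a watch can be rewritten without listing individual syscalls. The function name `convert_watch`, its `is_dir` parameter and the sample rules are constructed here; the samples use auditctl's `-k` option for the key.

```python
import shlex

VALID_PERMS = set("rwxa")  # read, write, execute, attribute change


def convert_watch(rule, is_dir=False):
    """Rewrite one '-w PATH [-p PERMS] [-k KEY]' watch as a syscall-style rule.

    is_dir (hypothetical parameter): the caller states whether PATH is a
    directory, so the conversion does not depend on the local filesystem.
    """
    tokens = shlex.split(rule, comments=True)
    opts = {}
    it = iter(tokens)
    for flag in it:
        if flag not in ("-w", "-p", "-k"):
            raise ValueError(f"unsupported option in watch rule: {flag}")
        try:
            opts[flag] = next(it)
        except StopIteration:
            raise ValueError(f"option {flag} needs a value") from None
    if "-w" not in opts:
        raise ValueError("not a watch rule (no -w)")
    # Reject values with whitespace rather than guess at rule-file quoting.
    if any(ch.isspace() for value in opts.values() for ch in value):
        raise ValueError("whitespace in a value is not handled here")
    # auditctl applies all four permissions when -p is omitted.
    perms = opts.get("-p", "rwxa")
    if not perms or set(perms) - VALID_PERMS:
        raise ValueError(f"bad permission string: {perms!r}")
    # A directory watch is recursive and maps to dir=, a file watch to path=.
    field = "dir" if is_dir else "path"
    out = ["-a", "always,exit", "-F", f"{field}={opts['-w']}", "-F", f"perm={perms}"]
    if "-k" in opts:
        out += ["-F", f"key={opts['-k']}"]
    return " ".join(out)


if __name__ == "__main__":
    # Constructed sample rules, not taken from a real rules file.
    print(convert_watch("-w /etc/crontab -p wa -k some_label"))
    print(convert_watch("-w /etc/cron.d -k cron", is_dir=True))
```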