For better arm/aarch64 support in audit, patch [1/3] adds more system call definitions for aarch64 (or arm64 in kernel) that are missing in the current implementation. https://www.redhat.com/archives/linux-audit/2013-November/msg00082.html
Patch [2/3] improves endianness support for arm/aarch64. There used to be old discussions but the latest version, v2.3.2, has no fixes yet. http://permalink.gmane.org/gmane.linux.ports.arm.kernel/165266 Patch [3/3] enables auditing 32-bit tasks (auditctl -F arch=b32). This code replies on my kernel patch for aarch64 support, and was tested on armv8 fast model with 32-bit/64-bit userland: 1) basic operations with auditctl/autrace # auditctl -a exit,always -S openat -F path=/etc/inittab # auditctl -a exit,always -F dir=/tmp -F perm=rw # auditctl -a task,always # autrace /bin/ls by comparing output from autrace with one from strace 2) audit-test-code (+ my workarounds for arm/arm64) by running "audit-tool", "filter" and "syscalls" test categories. AKASHI Takahiro (3): audit(userspace): Add missing syscalls for AArch64 audit(userspace): Add arm LE/aarch64 BE support audit(userspace): Add compat system call support for AArch64 lib/aarch64_table.h | 17 ++++++++++++++--- lib/libaudit.c | 8 ++++++++ lib/libaudit.h | 4 +++- lib/lookup_table.c | 14 ++++++++++---- lib/machinetab.h | 12 +++++++----- swig/audit.py | 2 ++ tools/ausyscall/ausyscall.c | 3 ++- 7 files changed, 46 insertions(+), 14 deletions(-) -- 1.7.9.5 -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
