On 2017-10-13 03:24, Steve Grubb wrote: > The audit subsystem allows selecting audit events based on watches for > a particular behavior like writing to a file. A lot of syscalls have > been added without updating the list. This patch adds 2 syscalls to the > write filters: fallocate and renameat2. > > Signed-off-by: sgrubb <[email protected]>
Reviewed-by: Richard Guy Briggs <[email protected]> > --- > include/asm-generic/audit_dir_write.h | 4 ++++ > include/asm-generic/audit_write.h | 3 +++ > 2 files changed, 7 insertions(+) > > diff --git a/include/asm-generic/audit_dir_write.h > b/include/asm-generic/audit_dir_write.h > index 7b61db4fe72b..d9a53eaeea35 100644 > --- a/include/asm-generic/audit_dir_write.h > +++ b/include/asm-generic/audit_dir_write.h > @@ -30,3 +30,7 @@ __NR_renameat, > __NR_linkat, > __NR_symlinkat, > #endif > +#ifdef __NR_renameat2 > +__NR_renameat2, > +#endif > + > diff --git a/include/asm-generic/audit_write.h > b/include/asm-generic/audit_write.h > index 274575d7129f..4fa65816acd3 100644 > --- a/include/asm-generic/audit_write.h > +++ b/include/asm-generic/audit_write.h > @@ -19,3 +19,6 @@ __NR_ftruncate64, > #ifdef __NR_bind > __NR_bind, /* bind can affect fs object only in one way... */ > #endif > +#ifdef __NR_fallocate > +__NR_fallocate, > +#endif > -- > 2.13.6 > > - RGB -- Richard Guy Briggs <[email protected]> Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635 -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
