Add missing file timestamp and attribute syscalls to the audit PERM class tables. The most critical gap was the complete absence of timestamp syscalls from audit_change_attr.h, which meant timestamp syscalls failed the kernel-side AUDIT_PERM_ATTR class check, so rules using perm=a did not match those operations.
Changes: - audit_change_attr.h: Add utime, utimes, futimesat, utimensat, utimensat_time64, and file_setattr - audit_read.h: Add quotactl_fd, file_getattr, stat, lstat, fstat, newfstatat, and statx - audit_write.h: Add quotactl_fd Architecture-specific and conditionally-compiled syscalls are guarded with #ifdef. Signed-off-by: Steve Grubb <[email protected]> Signed-off-by: Ricardo Robaina <[email protected]> --- include/asm-generic/audit_change_attr.h | 16 ++++++++++++++++ include/asm-generic/audit_read.h | 19 +++++++++++++++++++ include/asm-generic/audit_write.h | 3 +++ 3 files changed, 38 insertions(+) diff --git a/include/asm-generic/audit_change_attr.h b/include/asm-generic/audit_change_attr.h index ddd90bbe40df..5cb036695d8a 100644 --- a/include/asm-generic/audit_change_attr.h +++ b/include/asm-generic/audit_change_attr.h @@ -40,3 +40,19 @@ __NR_link, #ifdef __NR_linkat __NR_linkat, #endif +#ifdef __NR_utime +__NR_utime, +#endif +#ifdef __NR_utimes +__NR_utimes, +#endif +#ifdef __NR_futimesat +__NR_futimesat, +#endif +__NR_utimensat, +#ifdef __NR_utimensat_time64 +__NR_utimensat_time64, +#endif +#ifdef __NR_file_setattr +__NR_file_setattr, +#endif diff --git a/include/asm-generic/audit_read.h b/include/asm-generic/audit_read.h index fb9991f53fb6..8feebc5b4c50 100644 --- a/include/asm-generic/audit_read.h +++ b/include/asm-generic/audit_read.h @@ -3,6 +3,9 @@ __NR_readlink, #endif __NR_quotactl, +#ifdef __NR_quotactl_fd +__NR_quotactl_fd, +#endif __NR_listxattr, #ifdef __NR_listxattrat __NR_listxattrat, @@ -18,3 +21,19 @@ __NR_fgetxattr, #ifdef __NR_readlinkat __NR_readlinkat, #endif +#ifdef __NR_file_getattr +__NR_file_getattr, +#endif +#ifdef __NR_stat +__NR_stat, +#endif +#ifdef __NR_lstat +__NR_lstat, +#endif +#ifdef __NR_fstat +__NR_fstat, +#endif +#ifdef __NR_newfstatat +__NR_newfstatat, +#endif +__NR_statx, diff --git a/include/asm-generic/audit_write.h b/include/asm-generic/audit_write.h index f9f1d0ae11d9..378128dc31e3 100644 --- a/include/asm-generic/audit_write.h +++ b/include/asm-generic/audit_write.h @@ -5,6 +5,9 @@ __NR_acct, __NR_swapon, #endif __NR_quotactl, +#ifdef __NR_quotactl_fd +__NR_quotactl_fd, +#endif #ifdef __NR_truncate __NR_truncate, #endif -- 2.53.0
