On Jun 12, 2026 Ricardo Robaina <[email protected]> wrote: > > Add missing file metadata syscalls to the audit PERM class tables, > addressing gaps where certain file operations were not properly > classified for audit rule matching. > > Changes: > - audit_change_attr.h: Add file_setattr > > - audit_read.h: Add quotactl_fd, file_getattr, stat, stat64, lstat, > lstat64, fstat, fstat64, newfstatat, fstatat64, and statx > > - audit_write.h: Add quotactl_fd > > Architecture-specific and conditionally-compiled syscalls are guarded > with #ifdef. > > Signed-off-by: Steve Grubb <[email protected]> > Signed-off-by: Ricardo Robaina <[email protected]> > --- > Changes in v2: > - Added stat64 family syscalls (stat64, lstat64, fstat64, fstatat64) to > audit_read.h for 32-bit architecture support. > - Dropped timestamp-related syscalls (utime, utimes, utimensat, etc.) > due to potential audit log volume increase impact. Those will be > addressed in a separate patch after closer investigation. > > include/asm-generic/audit_change_attr.h | 3 +++ > include/asm-generic/audit_read.h | 31 +++++++++++++++++++++++++ > include/asm-generic/audit_write.h | 3 +++ > 3 files changed, 37 insertions(+)
Looks good to me, merged into audit/dev, thanks. -- paul-moore.com

