Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
audit: add missing syscalls to read class
The "at" variant of getxattr() and listxattr() are missing from the
audit read class. Calling getxattrat() or listxattrat() on a file to
read its extended attributes will bypass audit rules such as:
-w /tmp/test -p rwa -k test_rwa
The current patch adds missing syscalls to the audit read class.
Signed-off-by: Jeffrey Bencteux <jeff@bencteux.fr>
Signed-off-by: Paul Moore <paul@paul-moore.com>
authored by
Jeffrey Bencteux
and committed by
Paul Moore
bcb90a28
15b0c43a
+6
+6
include/asm-generic/audit_read.h
+6
include/asm-generic/audit_read.h
···
4
4
#endif
5
5
__NR_quotactl,
6
6
__NR_listxattr,
7
+
#ifdef __NR_listxattrat
8
+
__NR_listxattrat,
9
+
#endif
7
10
__NR_llistxattr,
8
11
__NR_flistxattr,
9
12
__NR_getxattr,
13
+
#ifdef __NR_getxattrat
14
+
__NR_getxattrat,
15
+
#endif
10
16
__NR_lgetxattr,
11
17
__NR_fgetxattr,
12
18
#ifdef __NR_readlinkat