The audit subsystem allows selecting audit events based on watches for a particular behavior like writing to a file. A lot of syscalls have been added without updating the list. This patch adds 2 syscalls to the write filters: fallocate and renameat2.
Signed-off-by: sgrubb <sgr...@redhat.com>
---
 include/asm-generic/audit_dir_write.h | 4 ++++
 include/asm-generic/audit_write.h | 3 +++
 2 files changed, 7 insertions(+)
diff --git a/include/asm-generic/audit_dir_write.h b/include/asm-generic/audit_dir_write.h
index 7b61db4fe72b..d9a53eaeea35 100644
--- a/include/asm-generic/audit_dir_write.h
+++ b/include/asm-generic/audit_dir_write.h
@@ -30,3 +30,7 @@ __NR_renameat,
 __NR_linkat,
 __NR_symlinkat,
 #endif
+#ifdef __NR_renameat2
+__NR_renameat2,
+#endif
+
diff --git a/include/asm-generic/audit_write.h b/include/asm-generic/audit_write.h
index 274575d7129f..4fa65816acd3 100644
--- a/include/asm-generic/audit_write.h
+++ b/include/asm-generic/audit_write.h
@@ -19,3 +19,6 @@ __NR_ftruncate64,
 #ifdef __NR_bind
 __NR_bind, /* bind can affect fs object only in one way... */
 #endif
+#ifdef __NR_fallocate
+__NR_fallocate,
+#endif
--
2.13.6
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
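Review bot: The last added line of the audit_dir_write.h hunk is an empty `+` line. Because the hunk has no trailing context, that line lands at the end of the header, which git's default whitespace checks flag as a new blank line at EOF. The audit_write.h hunk adds its guard without one, so dropping the empty line keeps the two files consistent and leaves the addition as `#ifdef __NR_renameat2`, `__NR_renameat2,`, `#endif`. The opening guard of the group that the context `#endif` closes is outside the hunk. A one-line comment such as `/* renameat2 has its own guard: not every arch that has the *at calls defines it */` would explain why the entry is not simply appended inside that group.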
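Review bot: `__NR_fallocate,` joins the write class in the audit_write.h hunk with no comment, although the neighbouring `__NR_bind,` entry documents why a non-obvious syscall is listed. fallocate does not go through write(), but it can change a file's size and, depending on the mode, deallocate or zero ranges of existing data. That is the reason a write-permission watch should match it, and it is worth recording next to the entry, for example `__NR_fallocate,	/* can resize, zero or punch holes without write() */`. Presumably rules evaluated against the old list produced no record for these calls, so the commit message could note that existing write watches will start matching them.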