On Jun 12, 2026 Ricardo Robaina <[email protected]> wrote:
> 
> Add missing file metadata syscalls to the audit PERM class tables,
> addressing gaps where certain file operations were not properly
> classified for audit rule matching.
> 
> Changes:
> - audit_change_attr.h: Add file_setattr
> 
> - audit_read.h: Add quotactl_fd, file_getattr, stat, stat64, lstat,
>   lstat64, fstat, fstat64, newfstatat, fstatat64, and statx
> 
> - audit_write.h: Add quotactl_fd
> 
> Architecture-specific and conditionally-compiled syscalls are guarded
> with #ifdef.
> 
> Signed-off-by: Steve Grubb <[email protected]>
> Signed-off-by: Ricardo Robaina <[email protected]>
> ---
> Changes in v2:
> - Added stat64 family syscalls (stat64, lstat64, fstat64, fstatat64) to
>   audit_read.h for 32-bit architecture support.
> - Dropped timestamp-related syscalls (utime, utimes, utimensat, etc.)
>   due to potential audit log volume increase impact. Those will be
>   addressed in a separate patch after closer investigation.
> 
>  include/asm-generic/audit_change_attr.h |  3 +++
>  include/asm-generic/audit_read.h        | 31 +++++++++++++++++++++++++
>  include/asm-generic/audit_write.h       |  3 +++
>  3 files changed, 37 insertions(+)

Looks good to me, merged into audit/dev, thanks.

--
paul-moore.com

Reply via email to