[PATCH v4 0/3] audit: add support for openat2

2021-05-19 Thread Richard Guy Briggs
The openat2(2) syscall was added in v5.6. Add support for openat2 to the audit syscall classifier and for recording openat2 parameters that cannot be captured in the syscall parameters of the SYSCALL record. Supporting userspace code can be found in https://github.com/rgbriggs/audit-userspace/tre

[PATCH v4 1/3] audit: replace magic audit syscall class numbers with macros

2021-05-19 Thread Richard Guy Briggs
Replace audit syscall class magic numbers with macros. This required putting the macros into new header file include/linux/auditsc_classmacros.h since the syscall macros were included for both 64 bit and 32 bit in any compat code, causing redefinition warnings.
Signed-off-by: Richard Guy Briggs

[PATCH v4 2/3] audit: add support for the openat2 syscall

2021-05-19 Thread Richard Guy Briggs
The openat2(2) syscall was added in kernel v5.6 with commit fddb5d430ad9 ("open: introduce openat2(2) syscall").
Add the openat2(2) syscall to the audit syscall classifier.
Link: https://github.com/linux-audit/audit-kernel/issues/67
Signed-off-by: Richard Guy Briggs
Link: https://lore.kernel.org

[PATCH v4 3/3] audit: add OPENAT2 record to list how

2021-05-19 Thread Richard Guy Briggs
Since the openat2(2) syscall uses a struct open_how pointer to communicate its parameters, they are not usefully recorded by the audit SYSCALL record's four existing arguments. Add a new audit record type OPENAT2 that reports the parameters in its third argument, struct open_how with fields oflag,