Bug 1296660 - RFE: audit of *at syscalls
RFE: audit of *at syscalls
Status: CLOSED DEFERRED
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
rawhide
Unspecified Unspecified
medium Severity low
: ---
: ---
Assigned To: Paul Moore
Fedora Extras Quality Assurance
:
: 1296661 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-07 14:07 EST by Steve Grubb
Modified: 2016-06-02 15:41 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-06-02 15:41:47 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Steve Grubb 2016-01-07 14:07:16 EST
Description of problem:
For the *at syscalls, can we get the path from the FD being passed as an argument to be able to reconstruct what is being accessed? (Readlink in /proc/<pid>/fds/# shows the path, why can't this go into the record? We may need a new auxiliary record type since this is neither the cwd or path.

This would be a big help since openat is used a lot.
Comment 1 Paul Moore 2016-01-12 11:57:30 EST
*** Bug 1296661 has been marked as a duplicate of this bug. ***
Comment 2 Paul Moore 2016-04-06 19:52:25 EDT
Upstream issue:

 * https://github.com/linux-audit/audit-kernel/issues/9
Comment 3 Paul Moore 2016-06-02 15:41:47 EDT
Closing this as we are tracking upstream RFEs on GitHub now, see the link in comment #2.

Note You need to log in before you can comment on or make changes to this bug.