Bug 1296661 - RFE: audit of *at syscalls
RFE: audit of *at syscalls
Status: CLOSED DUPLICATE of bug 1296660
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
Unspecified Unspecified
medium Severity low
: ---
: ---
Assigned To: Paul Moore
Fedora Extras Quality Assurance
: Reopened
Depends On:
  Show dependency treegraph
Reported: 2016-01-07 14:08 EST by Steve Grubb
Modified: 2016-01-12 11:57 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-01-12 11:57:30 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Steve Grubb 2016-01-07 14:08:44 EST
Description of problem:
For the *at syscalls, can we get the path from the FD being passed as an argument to be able to reconstruct what is being accessed? (Readlink in /proc/<pid>/fds/# shows the path, why can't this go into the record? We may need a new auxiliary record type since this is neither the cwd or path.

This would be a big help since openat is used a lot.
Comment 1 Steve Grubb 2016-01-12 08:54:55 EST
Seems to be a duplicate...closing.
Comment 2 Paul Moore 2016-01-12 09:12:56 EST
Then please mark this BZ as a duplicate so we have a pointer to the original BZ.
Comment 3 Steve Grubb 2016-01-12 09:46:30 EST
Bugzilla create 1296660 and 1296661 one right after another. I thought it would be cleaner to not link the two since looks like a bug in bugzilla.
Comment 4 Paul Moore 2016-01-12 11:57:30 EST
I think having the link is still handy in case someone stumbles across this BZ and not the other.

*** This bug has been marked as a duplicate of bug 1296660 ***

Note You need to log in before you can comment on or make changes to this bug.