1296661 – RFE: audit of *at syscalls

Bug 1296661 - RFE: audit of *at syscalls

Summary: RFE: audit of *at syscalls

Keywords:
Status:	CLOSED DUPLICATE of bug 1296660
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	low
Target Milestone:	---
Assignee:	Paul Moore
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-01-07 19:08 UTC by Steve Grubb
Modified:	2016-01-12 16:57 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-01-12 16:57:30 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Steve Grubb 2016-01-07 19:08:44 UTC

Description of problem:
For the *at syscalls, can we get the path from the FD being passed as an argument to be able to reconstruct what is being accessed? (Readlink in /proc/<pid>/fds/# shows the path, why can't this go into the record? We may need a new auxiliary record type since this is neither the cwd or path.

This would be a big help since openat is used a lot.

Comment 1 Steve Grubb 2016-01-12 13:54:55 UTC

Seems to be a duplicate...closing.

Comment 2 Paul Moore 2016-01-12 14:12:56 UTC

Then please mark this BZ as a duplicate so we have a pointer to the original BZ.

Comment 3 Steve Grubb 2016-01-12 14:46:30 UTC

Bugzilla create 1296660 and 1296661 one right after another. I thought it would be cleaner to not link the two since looks like a bug in bugzilla.

Comment 4 Paul Moore 2016-01-12 16:57:30 UTC

I think having the link is still handy in case someone stumbles across this BZ and not the other.

*** This bug has been marked as a duplicate of bug 1296660 ***

Note You need to log in before you can comment on or make changes to this bug.