A flaw was found in the kernel's audit by access permission feature which would not record open_by_handle_at syscalls.
This does not mean that a user is granted access to resources that they would not be able to. This means that the audit log trail would not contain the log events of access.
Name: Felix Kosterhon (SECUINFRA GmbH)
This is public:
related 2016-04-16 https://github.com/linux-audit/audit-kernel/issues/9
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1936258]
This syscall can still be audited by using the 'syscall auditing feature' by passing open_by_handle_at to it in the rule. Existing auditing ruleset requirements generally use this mechanism.