diff options
| author | Jeffrey Bencteux <jeff@bencteux.fr> | 2025-12-27 11:39:24 +0300 |
|---|---|---|
| committer | Sasha Levin <sashal@kernel.org> | 2026-03-04 15:20:51 +0300 |
| commit | 5632d14b2f2a0ade2d0068e12676ebed67e3bb2a (patch) | |
| tree | 2ace4562ed41a41fb910e0b28ac4a2af220e395e /include/asm-generic | |
| parent | 727e5140e0cf83b4ce6a11b89bb73bff5d96f8f3 (diff) | |
| download | linux-5632d14b2f2a0ade2d0068e12676ebed67e3bb2a.tar.xz | |
audit: add missing syscalls to read class
[ Upstream commit bcb90a2834c7393c26df9609b889a3097b7700cd ]
The "at" variant of getxattr() and listxattr() are missing from the
audit read class. Calling getxattrat() or listxattrat() on a file to
read its extended attributes will bypass audit rules such as:
-w /tmp/test -p rwa -k test_rwa
The current patch adds missing syscalls to the audit read class.
Signed-off-by: Jeffrey Bencteux <jeff@bencteux.fr>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'include/asm-generic')
| -rw-r--r-- | include/asm-generic/audit_read.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/include/asm-generic/audit_read.h b/include/asm-generic/audit_read.h index 7bb7b5a83ae2..fb9991f53fb6 100644 --- a/include/asm-generic/audit_read.h +++ b/include/asm-generic/audit_read.h @@ -4,9 +4,15 @@ __NR_readlink, #endif __NR_quotactl, __NR_listxattr, +#ifdef __NR_listxattrat +__NR_listxattrat, +#endif __NR_llistxattr, __NR_flistxattr, __NR_getxattr, +#ifdef __NR_getxattrat +__NR_getxattrat, +#endif __NR_lgetxattr, __NR_fgetxattr, #ifdef __NR_readlinkat |