Clone and fcntl64 flags patch
Steve Grubb
sgrubb at redhat.com
Tue Jul 24 21:36:45 UTC 2007
On Monday 23 July 2007 07:44:42 am John D. Ramsdell wrote:
> Enclosed is a patch for auparse/interpret.c that makes it so that
> a0 is interpreted for clone flags, not a2.
Thanks...will appy.
> It also fixes two problems with interpreting the fcntl system call. The
> name of the system call is fcntl64, but the original code looked for the
> name fcntl.
It was doing: strncmp(sys, "fcntl", 5) == 0), which is not a full string
compare. I think this is correct.
> I have also added a case so that a2 is printed as FD_CLOEXEC whenever a1 is
> F_SETFD and a2 is 1.
Thanks...merging this piece.
-Steve
More information about the Linux-audit
mailing list