[PATCH 1/1] audit: Add new syscalls to the perm=w filter

Paul Moore paul at paul-moore.com
Mon Oct 16 19:15:03 UTC 2017 

On Mon, Oct 16, 2017 at 3:06 PM, Richard Guy Briggs <rgb at redhat.com> wrote:
> On 2017-10-16 19:00, Richard Guy Briggs wrote:
>> On 2017-10-13 03:24, Steve Grubb wrote:
>> > The audit subsystem allows selecting audit events based on watches for
>> > a particular behavior like writing to a file. A lot of syscalls have
>> > been added without updating the list. This patch adds 2 syscalls to the
>> > write filters: fallocate and renameat2.
>> >
>> > Signed-off-by: sgrubb <sgrubb at redhat.com>
>>
>> Reviewed-by: Richard Guy Briggs <rgb at redhat.com>
>
> Please add a link to the issue number in the body of the patch description:
>
> See: https://github.com/linux-audit/audit-kernel/issues/67

FWIW, I don't really care if the upstream issue is included in the
submitted patch; if you want to include it - great, if you don't -
that's fine too.  The commit description needs to stand on its own,
regardless of any external issue trackers, mailing lists, etc.

I'm guessing based on your constant reminders that Steve has gotten
the message at this point that you would really prefer he added the
issue tracker numbers; I'm not sure you need to keep mentioning it. ;)

>> > ---
>> >  include/asm-generic/audit_dir_write.h | 4 ++++
>> >  include/asm-generic/audit_write.h     | 3 +++
>> >  2 files changed, 7 insertions(+)
>> >
>> > diff --git a/include/asm-generic/audit_dir_write.h b/include/asm-generic/audit_dir_write.h
>> > index 7b61db4fe72b..d9a53eaeea35 100644
>> > --- a/include/asm-generic/audit_dir_write.h
>> > +++ b/include/asm-generic/audit_dir_write.h
>> > @@ -30,3 +30,7 @@ __NR_renameat,
>> >  __NR_linkat,
>> >  __NR_symlinkat,
>> >  #endif
>> > +#ifdef __NR_renameat2
>> > +__NR_renameat2,
>> > +#endif
>> > +
>> > diff --git a/include/asm-generic/audit_write.h b/include/asm-generic/audit_write.h
>> > index 274575d7129f..4fa65816acd3 100644
>> > --- a/include/asm-generic/audit_write.h
>> > +++ b/include/asm-generic/audit_write.h
>> > @@ -19,3 +19,6 @@ __NR_ftruncate64,
>> >  #ifdef __NR_bind
>> >  __NR_bind,         /* bind can affect fs object only in one way... */
>> >  #endif
>> > +#ifdef __NR_fallocate
>> > +__NR_fallocate,
>> > +#endif
>> > --
>> > 2.13.6
>>
>> - RGB
>
> - RGB
>
> --
> Richard Guy Briggs <rgb at redhat.com>
> Sr. S/W Engineer, Kernel Security, Base Operating Systems
> Remote, Ottawa, Red Hat Canada
> IRC: rgb, SunRaycer
> Voice: +1.647.777.2635, Internal: (81) 32635
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit

-- 
paul moore
www.paul-moore.com

More information about the Linux-audit mailing list