Re: [PATCH] audit: add missing syscalls to read class

Next message: Jonathan Corbet: "Re: [PATCH] doc-guide: kernel-doc: specify that W=n does not check header files"
Previous message: Stephen Rothwell: "Re: linux-next: manual merge of the bpf-next tree with the mm-unstable tree"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Paul Moore

Date: Tue Jan 06 2026 - 16:42:30 EST

On Dec 27, 2025 Jeffrey Bencteux <jeff@xxxxxxxxxxx> wrote:
>
> The "at" variant of getxattr() and listxattr() are missing from the
> audit read class. Calling getxattrat() or listxattrat() on a file to
> read its extended attributes will bypass audit rules such as:
>
> -w /tmp/test -p rwa -k test_rwa
>
> The current patch adds missing syscalls to the audit read class.
>
> Signed-off-by: Jeffrey Bencteux <jeff@xxxxxxxxxxx>
> ---
> include/asm-generic/audit_read.h | 6 ++++++
> 1 file changed, 6 insertions(+)

Merged into audit/dev, thanks Jeffrey!

--
paul-moore.com