On Thu, Feb 25, 2021 at 5:15 PM Steve Grubb <[email protected]> wrote: > > Hello, > > There was an announcement on the oss-security mail list a week ago: > > https://seclists.org/oss-sec/2021/q1/155 > > regarding auditing of the open_by_handle_at system call ...
The *at() syscalls are a known issue with respect to audit; we have a few open GH issues related to the topic, the oldest appears to be the one below: * https://github.com/linux-audit/audit-kernel/issues/9 > ... In any event, they are asking what upstream audit is going to do about > this? I recognize it sounds a bit trite here, but "patches are always welcome". Basically someone needs to have the time and motivation to look into this and put forth some patches that we can discuss and iterate over. The problem is that historically audit has attracted very few kernel developers outside the occasional development push by a distro preparing a OS release for a certification effort. I was just lamenting this fact on a private mail thread with some other kernel developers a couple of weeks ago ... -- paul moore www.paul-moore.com -- Linux-audit mailing list [email protected] https://listman.redhat.com/mailman/listinfo/linux-audit
