BUG: kernel header updates needed for 'auditctl -F perm' usage

[stevegrubb]

The files at include/asm-generic/audit_*.h have syscalls used to trigger watches for various syscalls without having to know the exact syscall. It appears that the the last time it was updated was for the fchmodat syscall which in arch/x86/entry/syscalls/syscall_64.tbl is syscall #268. The kernel currently has 332 syscalls. So, I think we need to review 269 -> 332 and update the headers.

[stevegrubb]

A patch adding fallocate and renameat2 was sent to mail list:
https://www.redhat.com/archives/linux-audit/2017-October/msg00048.html

More review is needed for other syscalls. For example, do we consider time stamp of a file one of its attributes? If so, then utimensat may need to be brought in. I also have no idea what to make of
name_to_handle_at and open_by_handle_at. That almost looks like a deconstructed open.

[pcmoore]

A patch adding fallocate and renameat2 was sent to mail list:
https://www.redhat.com/archives/linux-audit/2017-October/msg00048.html

... and it was merged via c372801.

[pcmoore]

@stevegrubb I know we talked about this a while ago, but I forgot the end result of the discussion ... Above you mention needing to review a range of syscalls, and you followed up with a patch to add two; does that mean you have reviewed everything and these were the only two? Or does it mean these were two that you found quickly, and a proper review is still needed?

Basically I'm asking if we are done here or not.

[stevegrubb]

We are not finished. I picked a couple obvious ones. A more detailed look needs to be done.

[pcmoore]

Okay, leaving it open.

[rgbriggs]

2021-03-17 post openat2 v1 https://listman.redhat.com/archives/linux-audit/2021-March/msg00095.html
userspace https://github.com/rgbriggs/audit-userspace/tree/ghau-openat2
testsuite linux-audit/audit-testsuite#103

2021-04-30 post openat2 v2 https://listman.redhat.com/archives/linux-audit/2021-April/msg00044.html
- add audit syscall class macros in new file include/linux/auditscm.h

2021-04-30 post opeanat2 v3 https://listman.redhat.com/archives/linux-audit/2021-April/msg00049.html
- re-add commit descriptions and add MAINTAINERS entry

[rgbriggs]

2021-10-04: merged into audit/next on v5.15-rc1
571e5c0 audit: add OPENAT2 record to list "how" info
1c30e3a audit: add support for the openat2 syscall
42f355e audit: replace magic audit syscall class numbers with macros