Closed amstrnad closed 7 years ago
It looks like we're missing a call to audit the returned UUID in kern_symlink(9)
. I am testing a fix and will commit soon (if all goes well). It looks like similar auditing was missing for the system calls mkdir(2)
and mknod(2)
, so I will add it there as well .. but perhaps we are not testing those adequately as we didn't pick up those gaps either?
symlink looks better.
I'm not sure what exactly is happening, but when I try to test mkdir, I'm kicked out of my ssh session. I didn't find any useful errors in the logs, but I may not have been looking in the right place.
Looks good now.
This is not consistent behavior, but frequently when tracing the symlink syscall, the file uuid being linked to is not included.
For example: