linux-audit / audit-kernel

GitHub mirror of the Linux Kernel's audit repository
https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git

RFE: clone3() syscall needs a dedicated record #151

Open stevegrubb opened 1 year ago

stevegrubb commented 1 year ago

The clone3 syscall moves most parameters to struct clone_args. Flags, pidfd, exit_signal, and cgroup are of interest. The pidfd is only of interest if it has been resolved to the fd number - we do not want its address.
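An added illustration of the request above, not part of the issue and not kernel or audit code: the generic SYSCALL record only carries the raw arguments, which for clone3() are the pointer to `struct clone_args` and its size, so the four fields named above have to be read out of the struct. The names `clone_args_mirror`, `DEMO_*`, `format_clone3_fields` and the key=value output form are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local mirror of the uapi struct clone_args layout: 11 x u64 = 88 bytes. */
struct clone_args_mirror {
    uint64_t flags, pidfd, child_tid, parent_tid, exit_signal;
    uint64_t stack, stack_size, tls, set_tid, set_tid_size, cgroup;
};

#define DEMO_CLONE_PIDFD       0x00001000ULL   /* value of CLONE_PIDFD */
#define DEMO_CLONE_INTO_CGROUP 0x200000000ULL  /* value of CLONE_INTO_CGROUP */

/* Append one " key=value" pair; returns the new length or -1 on truncation. */
static int append_kv(char *buf, size_t len, int n, const char *key, long long v)
{
    int m = snprintf(buf + n, len - (size_t)n, " %s=%lld", key, v);
    return (m < 0 || (size_t)m >= len - (size_t)n) ? -1 : n + m;
}

/*
 * Render the fields of interest in a hypothetical key=value form.
 * pidfd is reported as the fd number stored at the pointer, never the
 * pointer itself, and only when CLONE_PIDFD is set. cgroup (a cgroup fd)
 * is only meaningful with CLONE_INTO_CGROUP.
 */
int format_clone3_fields(const struct clone_args_mirror *ca, char *buf, size_t len)
{
    int n = snprintf(buf, len, "flags=0x%llx exit_signal=%llu",
                     (unsigned long long)ca->flags,
                     (unsigned long long)ca->exit_signal);
    if (n < 0 || (size_t)n >= len)
        return -1;
    if ((ca->flags & DEMO_CLONE_PIDFD) && ca->pidfd)
        n = append_kv(buf, len, n, "pidfd", *(const int *)(uintptr_t)ca->pidfd);
    if (n >= 0 && (ca->flags & DEMO_CLONE_INTO_CGROUP))
        n = append_kv(buf, len, n, "cgroup", (long long)ca->cgroup);
    return n;
}

int main(void)
{
    /* Constructed sample: pretend the kernel stored fd 5 in resolved_fd. */
    int resolved_fd = 5;
    struct clone_args_mirror ca;
    char buf[128];
    memset(&ca, 0, sizeof ca);
    ca.flags = DEMO_CLONE_PIDFD | DEMO_CLONE_INTO_CGROUP;
    ca.pidfd = (uint64_t)(uintptr_t)&resolved_fd;
    ca.exit_signal = 17;  /* SIGCHLD on x86-64 */
    ca.cgroup = 7;        /* constructed cgroup fd */
    if (format_clone3_fields(&ca, buf, sizeof buf) > 0)
        puts(buf);
    return 0;
}
```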