Re: oldstyle permission vs. newstyle syscalls
Am 01.07.25 um 18:11 schrieb Casey Schaufler:
On 6/30/2025 11:42 PM, Ede Wolf wrote:
> Hi,
>
> we would like to convert out old style syntax, like
>
> -w /etc/crontab -p wa -l some_label
>
> to the newstyle
>
> -a exit,always. -S unlink...
>
> Just wondering, is there a table, that translates the permission
> (r,w,x,a) into their respective syscalls?
Could you explain the question in more detail? I'm having trouble understanding
the question.
Sure, but I would like to know, what is unclear?
When audit watches a file for changes (or access) , be it read, write,
execute or modification of its attributes, those changes are translated
into syscalls. To my little understanding.
And I was wondering, wether there is a translation available, that lists
f.e. a file "read" can mean one of those syscalls:
read
pread
readv
readlink
preadv
preadv2
Now, this list is obviously wrong, but maybe there is a (kind of)
authritive one around.