summaryrefslogtreecommitdiffstats
path: root/framework/src/audit/lib/syscall-update.txt
diff options
context:
space:
mode:
Diffstat (limited to 'framework/src/audit/lib/syscall-update.txt')
-rw-r--r--framework/src/audit/lib/syscall-update.txt20
1 files changed, 20 insertions, 0 deletions
diff --git a/framework/src/audit/lib/syscall-update.txt b/framework/src/audit/lib/syscall-update.txt
new file mode 100644
index 00000000..89d63717
--- /dev/null
+++ b/framework/src/audit/lib/syscall-update.txt
@@ -0,0 +1,20 @@
+The place where syscall information is gathered is:
+
+arch/alpha/include/uapi/asm/unistd.h
+arch/arm/include/uapi/asm/unistd.h
+arch/ia64/include/uapi/asm/unistd.h
+arch/powerpc/include/uapi/asm/unistd.h
+arch/s390/include/uapi/asm/unistd.h
+arch/x86/syscalls/syscall_32.tbl
+arch/x86/syscalls/syscall_64.tbl
+include/uapi/asm-generic/unistd.h (aarch64)
+
+For src/ausearch-lookup.c:
+Inspect include/linux/net.h for socketcall updates
+Inspect include/linux/ipc.h for ipccall updates
+
+For adding new arches, the following might be useful to get a first pass file:
+
+cat unistd.h | grep '^#define __NR_' | tr -d ')' | tr 'NR+' ' ' | awk '{ printf "_S(%s, \"%s\")\n", $6, $3 }; '
+
+it will still need hand editing