diff options
Diffstat (limited to 'internal/generate')
| -rw-r--r-- | internal/generate/classify_test.go | 6 | ||||
| -rw-r--r-- | internal/generate/family.go | 8 |
2 files changed, 13 insertions, 1 deletions
diff --git a/internal/generate/classify_test.go b/internal/generate/classify_test.go index c9ac8eb..b925a03 100644 --- a/internal/generate/classify_test.go +++ b/internal/generate/classify_test.go @@ -1540,6 +1540,12 @@ func TestClassifySyscallPairEmitsAllFamilies(t *testing.T) { {"request_key", syntheticEnter("request_key", 9304), syntheticExit("request_key", 9303), FamilySecurity}, {"ptrace", syntheticEnter("ptrace", 9306), syntheticExit("ptrace", 9305), FamilySecurity}, {"perf_event_open", syntheticEnter("perf_event_open", 9308), syntheticExit("perf_event_open", 9307), FamilySecurity}, + // lsm_* are the Linux Security Module introspection syscalls (Linux + // 6.8+); they belong with their landlock_*/keyctl/*_key siblings in + // the Security family, not Misc. + {"lsm_list_modules", syntheticEnter("lsm_list_modules", 9412), syntheticExit("lsm_list_modules", 9411), FamilySecurity}, + {"lsm_get_self_attr", syntheticEnter("lsm_get_self_attr", 9414), syntheticExit("lsm_get_self_attr", 9413), FamilySecurity}, + {"lsm_set_self_attr", syntheticEnter("lsm_set_self_attr", 9416), syntheticExit("lsm_set_self_attr", 9415), FamilySecurity}, {"mount", FormatMount, FormatExitMount, FamilyFS}, {"umount", FormatUmount, FormatExitUmount, FamilyFS}, {"move_mount", FormatMoveMount, FormatExitMoveMount, FamilyFS}, diff --git a/internal/generate/family.go b/internal/generate/family.go index a883bf8..1ea8bca 100644 --- a/internal/generate/family.go +++ b/internal/generate/family.go @@ -121,7 +121,13 @@ var syscallFamilies = map[string]SyscallFamily{ "kexec_file_load": FamilySecurity, "keyctl": FamilySecurity, "landlock_add_rule": FamilySecurity, "landlock_create_ruleset": FamilySecurity, "landlock_restrict_self": FamilySecurity, "lookup_dcookie": FamilySecurity, - "perf_event_open": FamilySecurity, "ptrace": FamilySecurity, + // lsm_* are the Linux Security Module (LSM) introspection syscalls + // (Linux 6.8+): list loaded LSMs and get/set per-task LSM attributes. + // They belong with the other security syscalls, alongside their + // landlock_* and *_key siblings. + "lsm_get_self_attr": FamilySecurity, "lsm_list_modules": FamilySecurity, + "lsm_set_self_attr": FamilySecurity, + "perf_event_open": FamilySecurity, "ptrace": FamilySecurity, "request_key": FamilySecurity, "seccomp": FamilySecurity, } |