audit-kernel icon indicating copy to clipboard operation
audit-kernel copied to clipboard
verified publisher icon linux-audit

RFE: clone3() syscall needs a dedicated record

Open stevegrubb opened this issue 2 years ago • 0 comments

The clone3 syscall moves most parameters to struct clone_args. Flags, pidfd, exit_signal, and cgroup are of interest. The pidfd is only of interest if it has been resolved to the fd number - we do not want it's address.

stevegrubb avatar Sep 20 '23 16:09 stevegrubb