fstype: allow filtering of all supported file systems #520

Open: rmetrich wants to merge 1 commit into linux-audit:master from rmetrich:fstype
@rmetrich

The code was only supporting debugfs and tracefs and the values were hardcoded.
This commit brings support for filtering all known file systems.

Credits for the shell script generator go to Sergio Correia.

Signed-off-by: Renaud Métrich <rmetrich@redhat.com>

@stevegrubb (Contributor)

Out of curiosity, why would we want to support all filesystems? The whole reason this exists at all is because debugfs and tracefs are pseudo filesystems that, if they are watched (even accidentally), can hang the system or make it unresponsive, like it has a heavy load. IOW, this was to enable the system to function normally. Opening this up to all file systems sounds like an easy way to shoot yourself in the foot.

@rmetrich (Author)

We actually also want to be able to avoid monitoring cgroup (/sys/fs/cgroup): when having CIS rules, a lot of hits show up because of systemd manipulating the cgroup hierarchy (on session creation/deletion, for example).
Because admins may want to exclude whatever they want, I believe we should open filtering to anything; it's then the admin's responsibility.
