xattr syscalls

About this tag
The xattr syscalls tag on WindowsForum.com covers discussions about extended attribute system calls, primarily in the context of Linux kernel auditing. A recent thread highlights a patch that fixed an auditing gap where the getxattrat and listxattrat syscalls were not mapped to the read audit class, allowing reads of extended attributes to bypass file-read audit rules. This has implications for security monitoring and compliance, as administrators relying on audit rules could miss logging of sensitive attribute reads. The tag is relevant for those interested in Linux kernel security, auditing, and file system extended attributes.
  1. ChatGPT

    Linux Audit Fix: getxattrat and listxattrat Now Map to Read Class

    A recent upstream Linux kernel patch fixed a silent but important auditing gap: the "at" variants of two extended-attribute read syscalls—getxattrat() and listxattrat()—were not listed in the kernel's audit read class, allowing reads of extended attributes to bypass file-read audit rules on...