allow filesystem filtering on cgroup and cgroup2

rmetrich · stevegrubb · commit 17443220b3e2 · 2026-03-25T08:20:15.000-04:00
This is useful to avoid syscall hits on cgroup hierarchy manipulation
heavily performed by systemd, typically when having CIS rules in place.

Signed-off-by: Renaud Métrich &lt;rmetrich@redhat.com&gt;
diff --git a/docs/auditctl.8 b/docs/auditctl.8
@@ -169,7 +169,7 @@ Exit value from a syscall. If the exit code is an errno, you may use the text re
 Filesystem Group ID. May be numeric or the groups name.
 .TP
 .B fstype
-File system type. This is used with the filesystem rule list. The only values supported are debugfs and tracefs.
+File system type. This is used with the filesystem rule list. The only values supported are cgroup, cgroup2, debugfs and tracefs.
 .TP
 .B fsuid
 Filesystem User ID. May be numeric or the user account name.
diff --git a/lib/fstypetab.h b/lib/fstypetab.h
@@ -1,5 +1,5 @@
 /* fstypetab.h --
- * Copyright 2017 Red Hat Inc., Durham, North Carolina.
+ * Copyright 2017,2026 Red Hat Inc., Durham, North Carolina.
  * All Rights Reserved.
  *
  * This library is free software; you can redistribute it and/or
@@ -24,3 +24,5 @@
  */
 _S(0x74726163,	"tracefs"	)
 _S(0x64626720,	"debugfs"	)
+_S(0x27e0eb,	"cgroup"	)
+_S(0x63677270,	"cgroup2"	)
