diff options
| author | Linus Torvalds | 2017-02-21 22:25:50 +0100 |
|---|---|---|
| committer | Linus Torvalds | 2017-02-21 22:25:50 +0100 |
| commit | b8989bccd6a0ad49db4795afca56a733e1c19099 (patch) | |
| tree | b9f974ea3ee701e75bcd5225497ba0a472322d1c /include/uapi/linux/audit.h | |
| parent | Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/... (diff) | |
| parent | audit: remove unnecessary curly braces from switch/case statements (diff) | |
| download | kernel-qcow2-linux-b8989bccd6a0ad49db4795afca56a733e1c19099.tar.gz kernel-qcow2-linux-b8989bccd6a0ad49db4795afca56a733e1c19099.tar.xz kernel-qcow2-linux-b8989bccd6a0ad49db4795afca56a733e1c19099.zip | |
Merge branch 'stable-4.11' of git://git.infradead.org/users/pcmoore/audit
Pull audit updates from Paul Moore:
"The audit changes for v4.11 are relatively small compared to what we
did for v4.10, both in terms of size and impact.
- two patches from Steve tweak the formatting for some of the audit
records to make them more consistent with other audit records.
- three patches from Richard record the name of a module on module
load, fix the logging of sockaddr information when using
socketcall() on 32-bit systems, and add the ability to reset
audit's lost record counter.
- my lone patch just fixes an annoying style nit that I was reminded
about by one of Richard's patches.
All these patches pass our test suite"
* 'stable-4.11' of git://git.infradead.org/users/pcmoore/audit:
audit: remove unnecessary curly braces from switch/case statements
audit: log module name on init_module
audit: log 32-bit socketcalls
audit: add feature audit_lost reset
audit: Make AUDIT_ANOM_ABEND event normalized
audit: Make AUDIT_KERNEL event conform to the specification
Diffstat (limited to 'include/uapi/linux/audit.h')
| -rw-r--r-- | include/uapi/linux/audit.h | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 1c107cb1c83f..0714a66f0e0c 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -111,6 +111,7 @@ #define AUDIT_PROCTITLE 1327 /* Proctitle emit event */ #define AUDIT_FEATURE_CHANGE 1328 /* audit log listing feature changes */ #define AUDIT_REPLACE 1329 /* Replace auditd if this packet unanswerd */ +#define AUDIT_KERN_MODULE 1330 /* Kernel Module events */ #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ @@ -326,17 +327,21 @@ enum { #define AUDIT_STATUS_RATE_LIMIT 0x0008 #define AUDIT_STATUS_BACKLOG_LIMIT 0x0010 #define AUDIT_STATUS_BACKLOG_WAIT_TIME 0x0020 +#define AUDIT_STATUS_LOST 0x0040 #define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT 0x00000001 #define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME 0x00000002 #define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH 0x00000004 #define AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND 0x00000008 #define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER 0x00000010 +#define AUDIT_FEATURE_BITMAP_LOST_RESET 0x00000020 + #define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \ AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \ AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \ AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND | \ - AUDIT_FEATURE_BITMAP_SESSIONID_FILTER) + AUDIT_FEATURE_BITMAP_SESSIONID_FILTER | \ + AUDIT_FEATURE_BITMAP_LOST_RESET) /* deprecated: AUDIT_VERSION_* */ #define AUDIT_VERSION_LATEST AUDIT_FEATURE_BITMAP_ALL |