On 2018-07-12 13:36, Ondrej Mosnacek wrote:
> This new record type is used to log the full path corresponding to some
> important file descriptor used in a syscall.
> 
> Signed-off-by: Ondrej Mosnacek <[email protected]>
> ---
>  include/uapi/linux/audit.h | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
> index 4e3eaba84175..d60041ae34a8 100644
> --- a/include/uapi/linux/audit.h
> +++ b/include/uapi/linux/audit.h
> @@ -114,6 +114,7 @@
>  #define AUDIT_REPLACE                1329    /* Replace auditd if this 
> packet unanswerd */
>  #define AUDIT_KERN_MODULE    1330    /* Kernel Module events */
>  #define AUDIT_FANOTIFY               1331    /* Fanotify access decision */
> +#define AUDIT_FD_PATH                1334    /* File descriptor path info */

The final message type number depends on other work in flight which may
or may not be accepted first, so don't count on this one being the
final.  Having said that, we usually use the next number in sequence
unless there is a hard dependence on another patchset.

This will be the maintainer's job to juggle all these when they are
merged upstream.  Unfortunately, that will make more work for the
corresponding user library patches that help identify this record type.

>  #define AUDIT_AVC            1400    /* SE Linux avc denial or grant */
>  #define AUDIT_SELINUX_ERR    1401    /* Internal SE Linux Errors */
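
Review bot: AUDIT_FD_PATH is assigned 1334 directly after AUDIT_FANOTIFY at 1331, so 1332 and 1333 are skipped, and neither the header nor the commit message says what holds them. Either take the next value in sequence or name in the commit message the in-flight record types the gap is left for. This is a uapi header, so the number is what user-space decoders will match on once it is merged. The comment "File descriptor path info" and the commit text "some important file descriptor" also do not say which descriptors or syscalls produce the record; one sentence on that would help.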

- RGB

--
Richard Guy Briggs <[email protected]>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
