On Fri, Jul 13, 2018 at 4:53 PM Richard Guy Briggs <[email protected]> wrote: > On 2018-07-12 13:36, Ondrej Mosnacek wrote: > > This new record type is used to log the full path corresponding to some > > important file descriptor used in a syscall. > > > > Signed-off-by: Ondrej Mosnacek <[email protected]> > > --- > > include/uapi/linux/audit.h | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h > > index 4e3eaba84175..d60041ae34a8 100644 > > --- a/include/uapi/linux/audit.h > > +++ b/include/uapi/linux/audit.h > > @@ -114,6 +114,7 @@ > > #define AUDIT_REPLACE 1329 /* Replace auditd if this > > packet unanswerd */ > > #define AUDIT_KERN_MODULE 1330 /* Kernel Module events */ > > #define AUDIT_FANOTIFY 1331 /* Fanotify access decision */ > > +#define AUDIT_FD_PATH 1334 /* File descriptor path info > > */ > > The final message type number depends on other work in flight which may > or may not be accepted first, so don't count on this one being the > final. Having said that, we usually use the next number in sequence > unless there is a hard dependence on another patchset. > > This will be the maintainer's job to juggle all these when they are > merged upstream. Unfortunately, that will make more work for the > corresponding user library patches that help identify this record type.
Of course, I set it to a different number mainly for easier testing on my side, I can set it to (previous+1) in the later "production-ready" patchsets. > > > #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ > > #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ > > - RGB > > -- > Richard Guy Briggs <[email protected]> > Sr. S/W Engineer, Kernel Security, Base Operating Systems > Remote, Ottawa, Red Hat Canada > IRC: rgb, SunRaycer > Voice: +1.647.777.2635, Internal: (81) 32635 -- Ondrej Mosnacek <omosnace at redhat dot com> Associate Software Engineer, Security Technologies Red Hat, Inc. -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
