diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2015-09-08 13:34:59 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2015-09-08 13:34:59 -0700 |
commit | 425afcff13a4bea2a3cf6f395cbc66fc158852be (patch) | |
tree | c34863cf9fc8f608be586794db866285abbe317e /include | |
parent | b793c005ceabf6db0b17494b0ec67ade6796bb34 (diff) | |
parent | 15ce414b82b07acb99afda6e4d9bd14f317b6011 (diff) | |
download | linux-stable-425afcff13a4bea2a3cf6f395cbc66fc158852be.tar.gz linux-stable-425afcff13a4bea2a3cf6f395cbc66fc158852be.tar.bz2 linux-stable-425afcff13a4bea2a3cf6f395cbc66fc158852be.zip |
Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/audit
Pull audit update from Paul Moore:
"This is one of the larger audit patchsets in recent history,
consisting of eight patches and almost 400 lines of changes.
The bulk of the patchset is the new "audit by executable"
functionality which allows admins to set an audit watch based on the
executable on disk. Prior to this, admins could only track an
application by PID, which has some obvious limitations.
Beyond the new functionality we also have some refcnt fixes and a few
minor cleanups"
* 'upstream' of git://git.infradead.org/users/pcmoore/audit:
fixup: audit: implement audit by executable
audit: implement audit by executable
audit: clean simple fsnotify implementation
audit: use macros for unset inode and device values
audit: make audit_del_rule() more robust
audit: fix uninitialized variable in audit_add_rule()
audit: eliminate unnecessary extra layer of watch parent references
audit: eliminate unnecessary extra layer of watch references
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/audit.h | 4 | ||||
-rw-r--r-- | include/uapi/linux/audit.h | 5 |
2 files changed, 8 insertions, 1 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index c2e7e3a83965..b2abc996c25d 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -27,6 +27,9 @@ #include <linux/ptrace.h> #include <uapi/linux/audit.h> +#define AUDIT_INO_UNSET ((unsigned long)-1) +#define AUDIT_DEV_UNSET ((dev_t)-1) + struct audit_sig_info { uid_t uid; pid_t pid; @@ -59,6 +62,7 @@ struct audit_krule { struct audit_field *inode_f; /* quick access to an inode field */ struct audit_watch *watch; /* associated watch */ struct audit_tree *tree; /* associated watched tree */ + struct audit_fsnotify_mark *exe; struct list_head rlist; /* entry in audit_{watch,tree}.rules list */ struct list_head list; /* for AUDIT_LIST* purposes only */ u64 prio; diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 1f977dd4c370..843540c398eb 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -266,6 +266,7 @@ #define AUDIT_OBJ_UID 109 #define AUDIT_OBJ_GID 110 #define AUDIT_FIELD_COMPARE 111 +#define AUDIT_EXE 112 #define AUDIT_ARG0 200 #define AUDIT_ARG1 (AUDIT_ARG0+1) @@ -324,8 +325,10 @@ enum { #define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT 0x00000001 #define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME 0x00000002 +#define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH 0x00000004 #define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \ - AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME) + AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \ + AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH) /* deprecated: AUDIT_VERSION_* */ #define AUDIT_VERSION_LATEST AUDIT_FEATURE_BITMAP_ALL |