diff options
author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2009-02-11 11:12:28 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-02-12 09:40:14 +1100 |
commit | 523979adfa0b79d4e3aa053220c37a9233294206 (patch) | |
tree | 15ff42f935f9d443220edb118f3980432f924360 /include/linux | |
parent | ed850a52af971528b048812c4215cef298af0d3b (diff) | |
download | linux-523979adfa0b79d4e3aa053220c37a9233294206.tar.gz linux-523979adfa0b79d4e3aa053220c37a9233294206.tar.bz2 linux-523979adfa0b79d4e3aa053220c37a9233294206.zip |
integrity: audit update
Based on discussions on linux-audit, as per Steve Grubb's request
http://lkml.org/lkml/2009/2/6/269, the following changes were made:
- forced audit result to be either 0 or 1.
- made template names const
- Added new stand-alone message type: AUDIT_INTEGRITY_RULE
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/audit.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index 930939abfbc6..4fa2810b675e 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -36,7 +36,8 @@ * 1500 - 1599 kernel LSPP events * 1600 - 1699 kernel crypto events * 1700 - 1799 kernel anomaly records - * 1800 - 1999 future kernel use (maybe integrity labels and related events) + * 1800 - 1899 kernel integrity events + * 1900 - 1999 future kernel use * 2000 is for otherwise unclassified kernel audit messages (legacy) * 2001 - 2099 unused (kernel) * 2100 - 2199 user space anomaly records @@ -130,6 +131,7 @@ #define AUDIT_INTEGRITY_STATUS 1802 /* Integrity enable status */ #define AUDIT_INTEGRITY_HASH 1803 /* Integrity HASH type */ #define AUDIT_INTEGRITY_PCR 1804 /* PCR invalidation msgs */ +#define AUDIT_INTEGRITY_RULE 1805 /* policy rule */ #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */ |