[PATCH] Audit of POSIX Message Queue Syscalls Userspace

George C. Wilson ltcgcw at us.ibm.com
Wed May 17 01:42:39 UTC 2006 

This patch adds identifiers for the POSIX MQ auxiliary records.  It applies
cleanly to audit-1.2.2.  The constants are conditionally #define'd in
lib/libaudit.h, and the messages themselves in lib/msg_typetab.h.  Not sure
what the expectation is for new #defines--/usr/include/linux/audit.h or
lib/libaudit.h.  But chose the latter with the sort of preprocessor
conditionals I saw in use in some of the other groups of defines.  So it
doesn't care about audit.h one way or the other.

Please apply when kernel work is ready.

 libaudit.h    |    6 ++++++
 msg_typetab.h |    4 ++++
 2 files changed, 10 insertions(+)

Signed-off-by: George Wilson <ltcgcw at us.ibm.com>

--

diff -Naurp audit-1.2.2.orig/lib/libaudit.h audit-1.2.2/lib/libaudit.h
--- audit-1.2.2.orig/lib/libaudit.h	2006-05-12 12:56:55.000000000 -0500
+++ audit-1.2.2/lib/libaudit.h	2006-05-16 18:12:14.000000000 -0500
@@ -96,6 +96,12 @@ extern "C" {
 #ifndef AUDIT_IPC_SET_PERM
 #define AUDIT_IPC_SET_PERM	1311	/* IPC new permissions record type */
 #endif
+#ifndef AUDIT_MQ_OPEN
+#define AUDIT_MQ_OPEN		1312	/* POSIX MQ open record type */
+#define AUDIT_MQ_SENDRECV	1313	/* POSIX MQ send/receive record type */
+#define AUDIT_MQ_NOTIFY		1314	/* POSIX MQ notify record type */
+#define AUDIT_MQ_GETSETATTR	1315	/* POSIX MQ get/set attribute record type */
+#endif
 #define AUDIT_LAST_EVENT	1399
 
 #define AUDIT_FIRST_SELINUX	1400
diff -Naurp audit-1.2.2.orig/lib/msg_typetab.h audit-1.2.2/lib/msg_typetab.h
--- audit-1.2.2.orig/lib/msg_typetab.h	2006-05-12 12:08:28.000000000 -0500
+++ audit-1.2.2/lib/msg_typetab.h	2006-05-16 18:12:14.000000000 -0500
@@ -77,6 +77,10 @@ _S(AUDIT_FS_INODE,                   "FS
 _S(AUDIT_EXECVE,                     "EXECVE"                        )
 _S(AUDIT_SYSCALL_PARTIAL,            "SYSCALL_PARTIAL"               )
 _S(AUDIT_IPC_SET_PERM,               "IPC_SET_PERM"                  )
+_S(AUDIT_MQ_OPEN,                    "MQ_OPEN"                       )
+_S(AUDIT_MQ_SENDRECV,                "MQ_SENDRECV"                   )
+_S(AUDIT_MQ_NOTIFY,                  "MQ_NOTIFY"                     )
+_S(AUDIT_MQ_GETSETATTR,              "MQ_GETSETATTR"                 )
 _S(AUDIT_AVC,                        "AVC"                           )
 _S(AUDIT_SELINUX_ERR,                "SELINUX_ERR"                   )
 _S(AUDIT_AVC_PATH,                   "AVC_PATH"                      )
-- 
George Wilson <ltcgcw at us.ibm.com>
IBM Linux Technology Center

More information about the Linux-audit mailing list