[patch RFC]: userspace crypto auditing

Miloslav Trmac mitr at redhat.com
Thu Aug 5 14:02:12 UTC 2010


Hello,
I'm posting these patches for early review; users of the code are not in the kernel yet.

Two new records are defined; in each case output of records is caused by a syscall, and all other syscall-related data (process identity, syscall result) is audited in the usual records.

AUDIT_CRYPTO_STORAGE_KEY is used when a system-wide storage wrapping key is changed.

AUDIT_CRYPTO_USERSPACE_OP is used when any user-space program performs a crypto operation.  To disable auditing these records by default and to allow the users to selectively enable them using filters, a new filter field AUDIT_CRYPTO_OP is defined; auditing of all crypto operations can thus be enabled using (auditctl -a exit,always -F crypto_op!=0).

Attached for review are:
- A kernel patch
- A userspace audit patch
- A few example audit entries

    Mirek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kernel.patch
Type: text/x-patch
Size: 11132 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20100805/a636b933/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: audit-2.0.4-userspace_crypto.patch
Type: text/x-patch
Size: 7097 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20100805/a636b933/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: audit.log
Type: text/x-log
Size: 3891 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20100805/a636b933/attachment-0002.bin>
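The RFC says the new records carry only the crypto-specific data and that process identity and syscall result stay in the usual SYSCALL record of the same event, so a consumer has to join the two by the audit serial number. The following is an added illustration, not code from the patches or from audit-userspace: it groups a constructed log stream (the real audit.log attachment is scrubbed above; the crypto records' own fields are not shown on this page, so "op=placeholder" is a stand-in) by serial and pulls uid/auid/comm/success/exit from the matching SYSCALL record.

```python
import re
from collections import defaultdict

# Constructed sample stream; only the type names CRYPTO_USERSPACE_OP and
# CRYPTO_STORAGE_KEY come from the RFC. SYSCALL fields follow the normal
# audit layout; the crypto records' fields are placeholders.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1281016932.101:77): arch=c000003e syscall=1 success=yes exit=32 pid=4242 uid=1000 auid=1000 comm="gpg" exe="/usr/bin/gpg"
type=CRYPTO_USERSPACE_OP msg=audit(1281016932.101:77): op=placeholder
type=SYSCALL msg=audit(1281016932.205:78): arch=c000003e syscall=1 success=yes exit=16 pid=4243 uid=1000 auid=1000 comm="cat" exe="/usr/bin/cat"
type=SYSCALL msg=audit(1281016932.310:79): arch=c000003e syscall=1 success=no exit=-13 pid=4244 uid=0 auid=1000 comm="keyadm" exe="/usr/sbin/keyadm"
type=CRYPTO_STORAGE_KEY msg=audit(1281016932.310:79): op=placeholder
"""

RECORD_RE = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
CRYPTO_TYPES = {"CRYPTO_USERSPACE_OP", "CRYPTO_STORAGE_KEY"}

def parse_record(line):
    """Split one audit line into type, timestamp, serial and key=value fields."""
    m = RECORD_RE.match(line)
    if not m:
        return None
    rtype, ts, serial, body = m.groups()
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(body)}
    return {"type": rtype, "ts": ts, "serial": int(serial), "fields": fields}

def group_events(text):
    """Collect records by serial: every record of one syscall shares it."""
    events = defaultdict(list)
    for line in text.splitlines():
        rec = parse_record(line)
        if rec:
            events[rec["serial"]].append(rec)
    return events

def crypto_events(text):
    """Summaries of events that carry a crypto record, joined with the
    identity and result fields of the SYSCALL record of the same serial."""
    out = []
    for serial, recs in sorted(group_events(text).items()):
        crypto = [r["type"] for r in recs if r["type"] in CRYPTO_TYPES]
        if not crypto:
            continue
        sc = next((r["fields"] for r in recs if r["type"] == "SYSCALL"), {})
        out.append({"serial": serial, "records": crypto,
                    "uid": sc.get("uid"), "auid": sc.get("auid"),
                    "comm": sc.get("comm"), "success": sc.get("success"),
                    "exit": sc.get("exit")})
    return out
```

Event 78 has no crypto record and is dropped; event 79 shows why the join matters, since the failed result and the real uid live only in the SYSCALL record.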