[RFC PATCH ghak9 1/3] audit: Add AUDIT_FD_PATH auxiliary record type

Ondrej Mosnacek omosnace at redhat.com
Thu Jul 12 11:36:31 UTC 2018


This new record type is used to log the full path corresponding to some
important file descriptor used in a syscall.

Signed-off-by: Ondrej Mosnacek <omosnace at redhat.com>
---
 include/uapi/linux/audit.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index 4e3eaba84175..d60041ae34a8 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -114,6 +114,7 @@
 #define AUDIT_REPLACE		1329	/* Replace auditd if this packet unanswerd */
 #define AUDIT_KERN_MODULE	1330	/* Kernel Module events */
 #define AUDIT_FANOTIFY		1331	/* Fanotify access decision */
+#define AUDIT_FD_PATH		1334	/* File descriptor path info */
 
 #define AUDIT_AVC		1400	/* SE Linux avc denial or grant */
 #define AUDIT_SELINUX_ERR	1401	/* Internal SE Linux Errors */
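Review bot: The added AUDIT_FD_PATH define takes the value 1334 while the entry just above it, AUDIT_FANOTIFY, is 1331, so 1332 and 1333 are skipped with no explanation in the hunk or in the commit message. Because this is a uapi header, userspace log parsers will depend on the number once it is merged; either use the next free value or state in the commit message what 1332 and 1333 are reserved for. The comment "File descriptor path info" and the commit message's "some important file descriptor" also do not say which syscalls emit the record or which fields it carries, so a short description of the record format in the commit message would help anyone who has to parse or search for it.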
-- 
2.17.1



