author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-11-02 07:17:39 +0300 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-11-02 07:17:39 +0300 |
commit | d2fac0afe89fe30c39eaa98dda71f7c4cea190c2 (patch) | |
tree | d595ee8a0256eda697c1ac33b73a738990a65f55 /include/linux/audit.h | |
parent | cdab10bf3285ee354e8f50254aa799631b7a95e0 (diff) | |
parent | d9516f346e8b8e9c7dd37976a06a5bde1a871d6f (diff) | |
Merge tag 'audit-pr-20211101' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit
Pull audit updates from Paul Moore:
"Add some additional audit logging to capture the openat2() syscall
open_how struct info.
Previous variations of the open()/openat() syscalls allowed audit
admins to inspect the syscall args to get the information contained in
the new open_how struct used in openat2()"
* tag 'audit-pr-20211101' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
audit: return early if the filter rule has a lower priority
audit: add OPENAT2 record to list "how" info
audit: add support for the openat2 syscall
audit: replace magic audit syscall class numbers with macros
lsm_audit: avoid overloading the "key" audit field
audit: Convert to SPDX identifier
audit: rename struct node to struct audit_node to prevent future name collisions
Diffstat (limited to 'include/linux/audit.h')
-rw-r--r-- | include/linux/audit.h | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index d656a06dd909..d06134ac6245 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -11,6 +11,7 @@
 #include <linux/sched.h>
 #include <linux/ptrace.h>
+#include <linux/audit_arch.h>
 #include <uapi/linux/audit.h>
 #include <uapi/linux/netfilter/nf_tables.h>
@@ -416,6 +417,7 @@ extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
 const struct cred *old);
 extern void __audit_log_capset(const struct cred *new, const struct cred *old);
 extern void __audit_mmap_fd(int fd, int flags);
+extern void __audit_openat2_how(struct open_how *how);
 extern void __audit_log_kern_module(char *name);
 extern void __audit_fanotify(unsigned int response);
 extern void __audit_tk_injoffset(struct timespec64 offset);
@@ -512,6 +514,12 @@ static inline void audit_mmap_fd(int fd, int flags)
 __audit_mmap_fd(fd, flags);
 }
+static inline void audit_openat2_how(struct open_how *how)
+{
+ if (unlikely(!audit_dummy_context()))
+ __audit_openat2_how(how);
+}
+
 static inline void audit_log_kern_module(char *name)
 {
 if (!audit_dummy_context())
@@ -671,6 +679,9 @@ static inline void audit_log_capset(const struct cred *new,
 static inline void audit_mmap_fd(int fd, int flags)
 { }
+static inline void audit_openat2_how(struct open_how *how)
+{ }
+
 static inline void audit_log_kern_module(char *name)
 { } |
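Review bot: The `how` parameter of `__audit_openat2_how()` in the second hunk is a non-const pointer, although an audit hook would normally only read the structure it logs. Declaring it `extern void __audit_openat2_how(const struct open_how *how);` lets the compiler enforce that audit cannot alter the open parameters the kernel goes on to use; the inline wrapper in the third hunk and the empty stub in the fourth would take the same qualifier. The definition is not part of this file-limited diff, so it would have to change together with the prototype, and this assumes it only copies from `how`. It is also worth confirming that `struct open_how` is declared before this prototype, since none of the visible hunks adds a forward declaration or an include that obviously provides it.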
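Review bot: `audit_openat2_how()` in the third hunk has no comment stating what the caller must pass, which matters for the accuracy of the resulting audit record. The parameter carries no `__user` annotation, so it is presumably the kernel's copied-in `struct open_how`; the record reflects what the syscall actually acted on only if the caller hands in that same copy rather than re-reading user memory. I would add above the wrapper `/* Record the openat2() "how" for the current syscall; @how must be the kernel copy the open path uses. Does nothing when audit_dummy_context() is true. */`. The caller is outside this diff, so this is a request to document the contract rather than a reported defect.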