audit: add filtering for io_uring records

This patch adds basic audit io_uring filtering, using as much of the existing audit filtering infrastructure as possible. In order to do this we reuse the audit filter rule's syscall mask for the io_uring operation and we create a new filter for io_uring operations as AUDIT_FILTER_URING_EXIT/audit_filter_list[7]. Thanks to Richard Guy Briggs for his review, feedback, and work on the corresponding audit userspace changes. Acked-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Paul Moore <paul@paul-moore.com> 2021-04-19 04:54:47 +0300
committer: Paul Moore <paul@paul-moore.com> 2021-09-20 05:34:38 +0300
commit: 67daf270cebcf7aab4b3292b36f9adf357b23ddc (patch)
tree: 6f5bbbe164b0f6e45c269291b908c4ae1116d17f /include/uapi/linux/audit.h
parent: 5bd2182d58e9d9c6279b7a8a2f9b41add0e7f9cb (diff)
download: linux-67daf270cebcf7aab4b3292b36f9adf357b23ddc.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index a1997697c8b1..ecf1edd2affa 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -167,8 +167,9 @@
 #define AUDIT_FILTER_EXCLUDE	0x05	/* Apply rule before record creation */
 #define AUDIT_FILTER_TYPE	AUDIT_FILTER_EXCLUDE /* obsolete misleading naming */
 #define AUDIT_FILTER_FS		0x06	/* Apply rule at __audit_inode_child */
+#define AUDIT_FILTER_URING_EXIT	0x07	/* Apply rule at io_uring op exit */
 
-#define AUDIT_NR_FILTERS	7
+#define AUDIT_NR_FILTERS	8
 
 #define AUDIT_FILTER_PREPEND	0x10	/* Prepend to front of list */
author	Paul Moore <paul@paul-moore.com>	2021-04-19 04:54:47 +0300
committer	Paul Moore <paul@paul-moore.com>	2021-09-20 05:34:38 +0300
commit	67daf270cebcf7aab4b3292b36f9adf357b23ddc (patch)
tree	6f5bbbe164b0f6e45c269291b908c4ae1116d17f /include/uapi/linux/audit.h
parent	5bd2182d58e9d9c6279b7a8a2f9b41add0e7f9cb (diff)
download	linux-67daf270cebcf7aab4b3292b36f9adf357b23ddc.tar.xz