Skip to content

Commit

Permalink
AUDIT_CONTAINER_OP message type basic support
Browse files Browse the repository at this point in the history
This defines the message number for the audit container identifier
registration record should the kernel headers not be up to date, gives
the record number a name for printing and allows the record to be
interpreted since it is in the 1000 range like AUDIT_LOGIN.

See: linux-audit#51
See: linux-audit/audit-kernel#90
See: linux-audit/audit-testsuite#64
See: https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
  • Loading branch information
rgbriggs committed Jun 25, 2020
1 parent 39ef028 commit c367a24
Show file tree
Hide file tree
Showing 4 changed files with 8 additions and 0 deletions.
4 changes: 4 additions & 0 deletions lib/libaudit.h
Original file line number Diff line number Diff line change
Expand Up @@ -246,6 +246,10 @@ extern "C" {
#define AUDIT_GET_FEATURE 1019 /* Get which features are enabled */
#endif

#ifndef AUDIT_CONTAINER_OP
#define AUDIT_CONTAINER_OP 1020 /* Container creation notice */
#endif

#ifndef AUDIT_MMAP
#define AUDIT_MMAP 1323 /* Descriptor and flags in mmap */
#endif
Expand Down
1 change: 1 addition & 0 deletions lib/msg_typetab.h
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ _S(AUDIT_LOGIN, "LOGIN" )
//_S(AUDIT_TTY_SET, "TTY_SET" )
//_S(AUDIT_SET_FEATURE, "SET_FEATURE" )
//_S(AUDIT_GET_FEATURE, "GET_FEATURE" )
_S(AUDIT_CONTAINER_OP, "CONTAINER_OP" )
_S(AUDIT_USER_AUTH, "USER_AUTH" )
_S(AUDIT_USER_ACCT, "USER_ACCT" )
_S(AUDIT_USER_MGMT, "USER_MGMT" )
Expand Down
1 change: 1 addition & 0 deletions lib/netlink.c
Original file line number Diff line number Diff line change
Expand Up @@ -184,6 +184,7 @@ static int adjust_reply(struct audit_reply *rep, int len)
break;
case AUDIT_USER:
case AUDIT_LOGIN:
case AUDIT_CONTAINER_OP:
case AUDIT_KERNEL:
case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
case AUDIT_FIRST_USER_MSG2...AUDIT_LAST_USER_MSG2:
Expand Down
2 changes: 2 additions & 0 deletions src/ausearch-lol.c
Original file line number Diff line number Diff line change
Expand Up @@ -248,6 +248,8 @@ static void check_events(lol *lo, time_t sec)
ready++;
} else if ( cur->l->e.type < AUDIT_LOGIN ||
(cur->l->e.type > AUDIT_LOGIN &&
cur->l->e.type < AUDIT_CONTAINER_OP ) ||
(cur->l->e.type > AUDIT_CONTAINER_OP &&
cur->l->e.type < AUDIT_FIRST_EVENT ) ||
cur->l->e.type == AUDIT_PROCTITLE ||
(cur->l->e.type >= AUDIT_MAC_UNLBL_ALLOW &&
Expand Down

0 comments on commit c367a24

Please # to comment.