58 lines
2.1 KiB
Diff
58 lines
2.1 KiB
Diff
This patch adds AppArmor support to the audit subsystem.
|
|
|
|
It creates id 1500 (already included in the the upstream auditd package) for
|
|
AppArmor messages.
|
|
|
|
It also exports the audit_log_vformat function (analagous to having both
|
|
printk and vprintk exported).
|
|
|
|
Signed-off-by: Tony Jones <tonyj@suse.de>
|
|
|
|
---
|
|
include/linux/audit.h | 5 +++++
|
|
kernel/audit.c | 3 ++-
|
|
2 files changed, 7 insertions(+), 1 deletion(-)
|
|
|
|
--- linux-2.6.17-rc1.orig/include/linux/audit.h
|
|
+++ linux-2.6.17-rc1/include/linux/audit.h
|
|
@@ -95,6 +95,8 @@
|
|
#define AUDIT_LAST_KERN_ANOM_MSG 1799
|
|
#define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
|
|
|
|
+#define AUDIT_AA 1500 /* AppArmor audit */
|
|
+
|
|
#define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
|
|
|
|
/* Rule flags */
|
|
@@ -349,6 +351,9 @@
|
|
__attribute__((format(printf,4,5)));
|
|
|
|
extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
|
|
+extern void audit_log_vformat(struct audit_buffer *ab,
|
|
+ const char *fmt, va_list args)
|
|
+ __attribute__((format(printf,2,0)));
|
|
extern void audit_log_format(struct audit_buffer *ab,
|
|
const char *fmt, ...)
|
|
__attribute__((format(printf,2,3)));
|
|
--- linux-2.6.17-rc1.orig/kernel/audit.c
|
|
+++ linux-2.6.17-rc1/kernel/audit.c
|
|
@@ -797,7 +797,7 @@
|
|
* will be called a second time. Currently, we assume that a printk
|
|
* can't format message larger than 1024 bytes, so we don't either.
|
|
*/
|
|
-static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
|
|
+void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
|
|
va_list args)
|
|
{
|
|
int len, avail;
|
|
@@ -999,4 +999,5 @@
|
|
EXPORT_SYMBOL(audit_log_start);
|
|
EXPORT_SYMBOL(audit_log_end);
|
|
EXPORT_SYMBOL(audit_log_format);
|
|
+EXPORT_SYMBOL(audit_log_vformat);
|
|
EXPORT_SYMBOL(audit_log);
|
|
-
|
|
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
|
|
the body of a message to majordomo@vger.kernel.org
|
|
More majordomo info at http://vger.kernel.org/majordomo-info.html
|
|
Please read the FAQ at http://www.tux.org/lkml/
|