summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSteve Grubb <sgrubb@redhat.com>2016-12-14 21:59:46 +0100
committerPaul Moore <paul@paul-moore.com>2016-12-14 21:59:46 +0100
commit7c397d01e43493dd087f9cd926cd1fcf508a8019 (patch)
tree1c26386691417702fbaa165771f1a5af8b9e5028
parentaudit: use proper refcount locking on audit_sock (diff)
downloadlinux-7c397d01e43493dd087f9cd926cd1fcf508a8019.tar.xz
linux-7c397d01e43493dd087f9cd926cd1fcf508a8019.zip
audit: Make AUDIT_KERNEL event conform to the specification
The AUDIT_KERNEL event is not following name=value format. This causes some information to get lost. The event has been reformatted to follow the convention. Additionally the audit_enabled value was added for troubleshooting purposes. The following is an example of the new event: type=KERNEL audit(1480621249.833:1): state=initialized audit_enabled=0 res=1 Signed-off-by: Steve Grubb <sgrubb@redhat.com> [PM: commit tweaks to make checkpatch.pl happy] Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r--kernel/audit.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 41017685f9f2..57acf2541fdd 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1344,7 +1344,9 @@ static int __init audit_init(void)
panic("audit: failed to start the kauditd thread (%d)\n", err);
}
- audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized");
+ audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL,
+ "state=initialized audit_enabled=%u res=1",
+ audit_enabled);
return 0;
}