author | Steve Grubb <sgrubb@redhat.com> | 2016-12-14 21:59:46 +0100 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2016-12-14 21:59:46 +0100 |
commit | 7c397d01e43493dd087f9cd926cd1fcf508a8019 (patch) | |
tree | 1c26386691417702fbaa165771f1a5af8b9e5028 | |
parent | audit: use proper refcount locking on audit_sock (diff) | |
download | linux-7c397d01e43493dd087f9cd926cd1fcf508a8019.tar.xz linux-7c397d01e43493dd087f9cd926cd1fcf508a8019.zip |
audit: Make AUDIT_KERNEL event conform to the specification

The AUDIT_KERNEL event is not following name=value format. This causes
some information to get lost. The event has been reformatted to follow
the convention. Additionally the audit_enabled value was added for
troubleshooting purposes. The following is an example of the new event:

    type=KERNEL audit(1480621249.833:1): state=initialized
    audit_enabled=0 res=1

Signed-off-by: Steve Grubb <sgrubb@redhat.com>
[PM: commit tweaks to make checkpatch.pl happy]
Signed-off-by: Paul Moore <paul@paul-moore.com>

-rw-r--r-- | kernel/audit.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 41017685f9f2..57acf2541fdd 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1344,7 +1344,9 @@ static int __init audit_init(void) panic("audit: failed to start the kauditd thread (%d)\n", err); } - audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized"); + audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, + "state=initialized audit_enabled=%u res=1", + audit_enabled); return 0; } |
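
Review bot: in the new audit_log() call in audit_init(), audit_enabled is formatted with %u, but its declaration is outside this hunk, so confirm it is an unsigned type that matches the specifier, or cast it explicitly. The res=1 field is a literal in the format string; that is accurate only because this line is reached after the kauditd failure path has already called panic(), and a one-line comment saying so would stop a later reader from treating it as a computed result. The record body also changes from the bare word "initialized" to name=value pairs, so any userspace consumer that matched the old string should be checked against the new format before this lands.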