summaryrefslogtreecommitdiffstats
path: root/kernel/audit.h
diff options
context:
space:
mode:
authorRichard Guy Briggs <rgb@redhat.com>2017-02-04 19:10:38 +0100
committerPaul Moore <paul@paul-moore.com>2017-02-13 22:17:13 +0100
commitca86cad7380e373fa17bc0ee8aff121380323e69 (patch)
tree68407211f533b1e8c30ce3ffc60206347d3811af /kernel/audit.h
parentaudit: log 32-bit socketcalls (diff)
downloadlinux-ca86cad7380e373fa17bc0ee8aff121380323e69.tar.xz
linux-ca86cad7380e373fa17bc0ee8aff121380323e69.zip
audit: log module name on init_module
This adds a new auxiliary record MODULE_INIT to the SYSCALL event. We get finit_module for free since it made most sense to hook this in to load_module(). https://github.com/linux-audit/audit-kernel/issues/7 https://github.com/linux-audit/audit-kernel/wiki/RFE-Module-Load-Record-Format Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Acked-by: Jessica Yu <jeyu@redhat.com> [PM: corrected links in the commit description] Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/audit.h')
-rw-r--r--kernel/audit.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/kernel/audit.h b/kernel/audit.h
index 431444c3708b..144b7ebd2deb 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -199,6 +199,9 @@ struct audit_context {
struct {
int argc;
} execve;
+ struct {
+ char *name;
+ } module;
};
int fds[2];
struct audit_proctitle proctitle;