diff options
author | Richard Guy Briggs <rgb@redhat.com> | 2018-12-10 23:17:48 +0100 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2019-01-14 22:40:31 +0100 |
commit | 53fc7a01df51f58b317ea5ab1607a1af65d6d4cf (patch) | |
tree | 47496488683a4ea541f87958c7ef987ca36c3cb3 /kernel/audit_tree.c | |
parent | Linux 5.0-rc1 (diff) | |
download | linux-53fc7a01df51f58b317ea5ab1607a1af65d6d4cf.tar.xz linux-53fc7a01df51f58b317ea5ab1607a1af65d6d4cf.zip |
audit: give a clue what CONFIG_CHANGE op was involved
The failure to add an audit rule due to audit locked gives no clue
what CONFIG_CHANGE operation failed.
Similarly the set operation is the only other operation that doesn't
give the "op=" field to indicate the action.
All other CONFIG_CHANGE records include an op= field to give a clue as
to what sort of configuration change is being executed.
Since these are the only CONFIG_CHANGE records that that do not have an
op= field, add them to bring them in line with the rest.
Old records:
type=CONFIG_CHANGE msg=audit(1519812997.781:374): pid=610 uid=0 auid=0 ses=1 subj=... audit_enabled=2 res=0
type=CONFIG_CHANGE msg=audit(2018-06-14 14:55:04.507:47) : audit_enabled=1 old=1 auid=unset ses=unset subj=... res=yes
New records:
type=CONFIG_CHANGE msg=audit(1520958477.855:100): pid=610 uid=0 auid=0 ses=1 subj=... op=add_rule audit_enabled=2 res=0
type=CONFIG_CHANGE msg=audit(2018-06-14 14:55:04.507:47) : op=set audit_enabled=1 old=1 auid=unset ses=unset subj=... res=yes
See: https://github.com/linux-audit/audit-kernel/issues/59
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
[PM: fixed checkpatch.pl line length problems]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/audit_tree.c')
0 files changed, 0 insertions, 0 deletions