[PATCH ghau51/ghau40 v3 2/6] AUDIT_CONTAINER message type basic support
This defines the message number for the audit container identifier
information record should the kernel headers not be up to date and gives
the record number a name for printing.
See: https://github.com/linux-audit/audit-userspace/issues/51
See: https://github.com/linux-audit/audit-kernel/issues/90
See: https://github.com/linux-audit/audit-testsuite/issues/64
See: https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID
Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
---
lib/libaudit.h | 4 ++++
lib/msg_typetab.h | 1 +
2 files changed, 5 insertions(+)
diff --git a/lib/libaudit.h b/lib/libaudit.h
index 6cdd269..2dcd9e5 100644
--- a/lib/libaudit.h
+++ b/lib/libaudit.h
@@ -282,6 +282,10 @@ extern "C" {
#define AUDIT_FANOTIFY 1331 /* Fanotify access decision */
#endif
+#ifndef AUDIT_CONTAINER
+#define AUDIT_CONTAINER 1332 /* Container ID details */
+#endif
+
#ifndef AUDIT_ANOM_LINK
#define AUDIT_ANOM_LINK 1702 /* Suspicious use of file links */
#endif
diff --git a/lib/msg_typetab.h b/lib/msg_typetab.h
index e94bfb2..1ff6605 100644
--- a/lib/msg_typetab.h
+++ b/lib/msg_typetab.h
@@ -124,6 +124,7 @@ _S(AUDIT_PROCTITLE, "PROCTITLE"
)
_S(AUDIT_FEATURE_CHANGE, "FEATURE_CHANGE" )
_S(AUDIT_KERN_MODULE, "KERN_MODULE" )
_S(AUDIT_FANOTIFY, "FANOTIFY" )
+_S(AUDIT_CONTAINER, "CONTAINER" )
_S(AUDIT_AVC, "AVC" )
_S(AUDIT_SELINUX_ERR, "SELINUX_ERR" )
_S(AUDIT_AVC_PATH, "AVC_PATH" )
--
1.8.3.1