Re: [PATCH ghak10 v5 1/2] audit: Add functions to log time adjustments

This patch adds two auxiliary record types that will be used to annotate the adjtimex SYSCALL records with the NTP/timekeeping values that have been changed. Next, it adds two functions to the audit interface: - audit_tk_injoffset(), which will be called whenever a timekeeping offset is injected by a syscall from userspace, - audit_ntp_adjust(), which will be called whenever an NTP internal variable is changed by a syscall from userspace. Quick reference for the fields of the new records: AUDIT_TIME_INJOFFSET sec - the 'seconds' part of the offset nsec - the 'nanoseconds' part of the offset AUDIT_TIME_ADJNTPVAL op - which value was adjusted: offset - corresponding to the time_offset variable freq - corresponding to the time_freq variable status - corresponding to the time_status variable adjust - corresponding to the time_adjust variable tick - corresponding to the tick_usec variable tai - corresponding to the timekeeping's TAI offset

old - the old value new - the new value Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com&gt; --- include/linux/audit.h | 21 +++++++++++++++++++++ include/uapi/linux/audit.h | 2 ++ kernel/auditsc.c | 15 +++++++++++++++ 3 files changed, 38 insertions(+)