This defines the message number for the audit container identifier
registration record should the kernel headers not be up to date, gives
the record number a name for printing and allows the record to be
interpreted since it is in the 1000 range like AUDIT_LOGIN.
See:
https://github.com/linux-audit/audit-userspace/issues/51
See:
https://github.com/linux-audit/audit-kernel/issues/90
See:
https://github.com/linux-audit/audit-testsuite/issues/64
See:
https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID
Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
---
lib/libaudit.h | 4 ++++
lib/msg_typetab.h | 1 +
lib/netlink.c | 1 +
3 files changed, 6 insertions(+)
diff --git a/lib/libaudit.h b/lib/libaudit.h
index 8e8dc5718350..06d2e59c55aa 100644
--- a/lib/libaudit.h
+++ b/lib/libaudit.h
@@ -246,6 +246,10 @@ extern "C" {
#define AUDIT_GET_FEATURE 1019 /* Get which features are enabled */
#endif
+#ifndef AUDIT_CONTAINER_OP
+#define AUDIT_CONTAINER_OP 1020 /* Container creation notice */
+#endif
+
#ifndef AUDIT_MMAP
#define AUDIT_MMAP 1323 /* Descriptor and flags in mmap */
#endif
diff --git a/lib/msg_typetab.h b/lib/msg_typetab.h
index d668f34444b5..00cb5c134bf6 100644
--- a/lib/msg_typetab.h
+++ b/lib/msg_typetab.h
@@ -44,6 +44,7 @@ _S(AUDIT_LOGIN, "LOGIN"
)
//_S(AUDIT_TTY_SET, "TTY_SET" )
//_S(AUDIT_SET_FEATURE, "SET_FEATURE" )
//_S(AUDIT_GET_FEATURE, "GET_FEATURE" )
+_S(AUDIT_CONTAINER_OP, "CONTAINER_OP" )
_S(AUDIT_USER_AUTH, "USER_AUTH" )
_S(AUDIT_USER_ACCT, "USER_ACCT" )
_S(AUDIT_USER_MGMT, "USER_MGMT" )
diff --git a/lib/netlink.c b/lib/netlink.c
index 5b2028fda7e8..caa963b1ddb2 100644
--- a/lib/netlink.c
+++ b/lib/netlink.c
@@ -184,6 +184,7 @@ static int adjust_reply(struct audit_reply *rep, int len)
break;
case AUDIT_USER:
case AUDIT_LOGIN:
+ case AUDIT_CONTAINER_OP:
case AUDIT_KERNEL:
case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
case AUDIT_FIRST_USER_MSG2...AUDIT_LAST_USER_MSG2:
--
1.8.3.1