diff options
author | Jeff Layton <jlayton@redhat.com> | 2012-10-10 15:25:22 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2012-10-12 00:32:00 -0400 |
commit | 78e2e802a8519031e5858595070b39713e26340d (patch) | |
tree | 92f79d2039f4119a127ab59e31a2d1c9dfb892fe /include/linux/audit.h | |
parent | c43a25abba97c7d87131e71db6be24b24d7791a5 (diff) | |
download | op-kernel-dev-78e2e802a8519031e5858595070b39713e26340d.zip op-kernel-dev-78e2e802a8519031e5858595070b39713e26340d.tar.gz |
audit: add a new "type" field to audit_names struct
For now, we just have two possibilities:
UNKNOWN: for a new audit_names record that we don't know anything about yet
NORMAL: for everything else
In later patches, we'll add other types so we can distinguish and update
records created under different circumstances.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'include/linux/audit.h')
-rw-r--r-- | include/linux/audit.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index 8c66fc2..2640893 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -452,6 +452,11 @@ struct audit_field { extern int __init audit_register_class(int class, unsigned *list); extern int audit_classify_syscall(int abi, unsigned syscall); extern int audit_classify_arch(int arch); + +/* audit_names->type values */ +#define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */ +#define AUDIT_TYPE_NORMAL 1 /* a "normal" audit record */ + #ifdef CONFIG_AUDITSYSCALL /* These are defined in auditsc.c */ /* Public API */ |