Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 92c82e8a authored by Richard Guy Briggs's avatar Richard Guy Briggs Committed by Paul Moore
Browse files

audit: add feature audit_lost reset 

Add a method to reset the audit_lost value.

An AUDIT_SET message with the AUDIT_STATUS_LOST flag set by itself
will return a positive value repesenting the current audit_lost value
and reset the counter to zero.  If AUDIT_STATUS_LOST is not the
only flag set, the reset command will be ignored.  The value sent with
the command is ignored.  The return value will be the +ve lost value at
reset time.

An AUDIT_CONFIG_CHANGE message will be queued to the listening audit
daemon.  The message will be a standard CONFIG_CHANGE message with the
fields "lost=0" and "old=" with the latter containing the value of
audit_lost at reset time.

See: https://github.com/linux-audit/audit-kernel/issues/3



Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
Acked-by: default avatarSteve Grubb <sgrubb@redhat.com>
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent 89670aff

include/uapi/linux/audit.h

+5 −1
Original line number Diff line number Diff line
@@ -326,15 +326,19 @@ enum { 
#define AUDIT_STATUS_RATE_LIMIT		0x0008

#define AUDIT_STATUS_BACKLOG_LIMIT	0x0010

#define AUDIT_STATUS_BACKLOG_WAIT_TIME	0x0020

#define AUDIT_STATUS_LOST		0x0040



#define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT	0x00000001

#define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME	0x00000002

#define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH	0x00000004

#define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER	0x00000010

#define AUDIT_FEATURE_BITMAP_LOST_RESET		0x00000020



#define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \

				  AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \

				  AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \

				  AUDIT_FEATURE_BITMAP_SESSIONID_FILTER)

				  AUDIT_FEATURE_BITMAP_SESSIONID_FILTER | \

				  AUDIT_FEATURE_BITMAP_LOST_RESET)



/* deprecated: AUDIT_VERSION_* */

#define AUDIT_VERSION_LATEST 		AUDIT_FEATURE_BITMAP_ALL

kernel/audit.c

+7 −1
Original line number Diff line number Diff line
@@ -1052,6 +1052,12 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) 
			if (err < 0)

				return err;

		}

		if (s.mask == AUDIT_STATUS_LOST) {

			u32 lost = atomic_xchg(&audit_lost, 0);



			audit_log_config_change("lost", 0, lost, 1);

			return lost;

		}

		break;

	}

	case AUDIT_GET_FEATURE: