diff options
| author | Richard Guy Briggs <rgb@redhat.com> | 2017-02-04 13:10:38 -0500 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2017-02-13 16:17:13 -0500 |
| commit | ca86cad7380e373fa17bc0ee8aff121380323e69 (patch) | |
| tree | 68407211f533b1e8c30ce3ffc60206347d3811af /kernel/audit.h | |
| parent | 62bc306e2083436675e33b5bdeb6a77907d35971 (diff) | |
| download | linux-ca86cad7380e373fa17bc0ee8aff121380323e69.tar.gz | |
audit: log module name on init_module
This adds a new auxiliary record MODULE_INIT to the SYSCALL event. We get finit_module for free since it made most sense to hook this in to load_module(). https://github.com/linux-audit/audit-kernel/issues/7 https://github.com/linux-audit/audit-kernel/wiki/RFE-Module-Load-Record-Format Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Acked-by: Jessica Yu <jeyu@redhat.com> [PM: corrected links in the commit description] Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/audit.h')
| -rw-r--r-- | kernel/audit.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/kernel/audit.h b/kernel/audit.h index 431444c3708b..144b7ebd2deb 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -199,6 +199,9 @@ struct audit_context { struct { int argc; } execve; + struct { + char *name; + } module; }; int fds[2]; struct audit_proctitle proctitle; |