twx-linux/include/uapi/linux
Steve Grubb de8cd83e91 audit: Record fanotify access control decisions
The fanotify interface allows user space daemons to make access
control decisions. Under common criteria requirements, we need to
optionally record decisions based on policy. This patch adds a bit mask,
FAN_AUDIT, that a user space daemon can 'or' into the response decision
which will tell the kernel that it made a decision and record it.

It would be used something like this in user space code:

  response.response = FAN_DENY | FAN_AUDIT;
  write(fd, &response, sizeof(struct fanotify_response));

When the syscall ends, the audit system will record the decision as an
AUDIT_FANOTIFY auxiliary record to denote that the reason this event
occurred is the result of an access control decision from fanotify
rather than DAC or MAC policy.

A sample event looks like this:

type=PATH msg=audit(1504310584.332:290): item=0 name="./evil-ls"
inode=1319561 dev=fc:03 mode=0100755 ouid=1000 ogid=1000 rdev=00:00
obj=unconfined_u:object_r:user_home_t:s0 nametype=NORMAL
type=CWD msg=audit(1504310584.332:290): cwd="/home/sgrubb"
type=SYSCALL msg=audit(1504310584.332:290): arch=c000003e syscall=2
success=no exit=-1 a0=32cb3fca90 a1=0 a2=43 a3=8 items=1 ppid=901
pid=959 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000
fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=3 comm="bash"
exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:
s0-s0:c0.c1023 key=(null)
type=FANOTIFY msg=audit(1504310584.332:290): resp=2

Prior to using the audit flag, the developer needs to call
fanotify_init or'ing in FAN_ENABLE_AUDIT to ensure that the kernel
supports auditing. The calling process must also have the CAP_AUDIT_WRITE
capability.

Signed-off-by: sgrubb <sgrubb@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
2017-10-10 13:18:06 +02:00
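As an added example (not part of this commit or of the kernel tree), a minimal fanotify permission daemon in C that follows the steps described above: it calls fanotify_init with FAN_ENABLE_AUDIT and drops back to unaudited operation if the kernel rejects the flag with EINVAL, marks a directory for FAN_OPEN_PERM, and answers each open with FAN_ALLOW or FAN_DENY, OR'ing in FAN_AUDIT so the kernel emits the FANOTIFY record. The deny list, the fallback constant values for old headers, and the /proc-based path lookup are assumptions of this example; running it needs CAP_SYS_ADMIN as well as CAP_AUDIT_WRITE.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/fanotify.h>
#ifndef FAN_AUDIT            /* pre-4.15 headers: values copied from uapi/linux/fanotify.h */
#define FAN_AUDIT 0x10
#define FAN_ENABLE_AUDIT 0x00000040
#endif
/* Constructed policy for this example: deny opening any file with one of these basenames. */
static const char *deny_basenames[] = { "evil-ls", NULL };
int policy_denies(const char *path)        /* returns 1 to deny, 0 to allow */
{
    const char *base = strrchr(path, '/');
    base = base ? base + 1 : path;
    for (const char **p = deny_basenames; *p; p++)
        if (strcmp(base, *p) == 0) return 1;
    return 0;
}
/* Build the reply; FAN_AUDIT is OR'ed in only if the kernel accepted FAN_ENABLE_AUDIT. */
struct fanotify_response make_response(int fd, int deny, int audit)
{
    struct fanotify_response r = { .fd = fd, .response = deny ? FAN_DENY : FAN_ALLOW };
    if (audit) r.response |= FAN_AUDIT;
    return r;
}
int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : ".";
    int audit = 1, fan = fanotify_init(FAN_CLASS_CONTENT | FAN_ENABLE_AUDIT, O_RDONLY);
    if (fan < 0 && errno == EINVAL)        /* kernel lacks FAN_ENABLE_AUDIT: run unaudited */
        audit = 0, fan = fanotify_init(FAN_CLASS_CONTENT, O_RDONLY);
    if (fan < 0 || fanotify_mark(fan, FAN_MARK_ADD, FAN_OPEN_PERM, AT_FDCWD, dir) < 0) {
        perror("fanotify"); return 1;
    }
    char buf[4096], path[4096], link[64];
    ssize_t len, n;
    while ((len = read(fan, buf, sizeof buf)) > 0) {   /* one event per open() under dir */
        for (struct fanotify_event_metadata *m = (void *)buf; FAN_EVENT_OK(m, len);
             m = FAN_EVENT_NEXT(m, len)) {
            if (!(m->mask & FAN_OPEN_PERM) || m->fd < 0) continue;
            snprintf(link, sizeof link, "/proc/self/fd/%d", m->fd);   /* recover the path */
            n = readlink(link, path, sizeof path - 1);
            path[n > 0 ? n : 0] = '\0';
            struct fanotify_response r = make_response(m->fd, policy_denies(path), audit);
            if (write(fan, &r, sizeof r) < 0) perror("write response");
            close(m->fd);
        }
    }
    return 0;
}
```

A denial answered this way shows up as the FANOTIFY auxiliary record in the sample above; the kernel records the decision itself, not the FAN_AUDIT bit.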
android ANDROID: binder: Add BINDER_GET_NODE_DEBUG_INFO ioctl 2017-09-01 09:21:12 +02:00
byteorder
caif
can
cifs
dvb media: dvb headers: make checkpatch happier 2017-09-05 07:10:24 -04:00
genwqe
hdlc
hsi
iio
isdn
mmc
netfilter netfilter: nft_limit: add stateful object type 2017-09-04 13:25:16 +02:00
netfilter_arp
netfilter_bridge
netfilter_ipv4
netfilter_ipv6
nfsd
raid md: Runtime support for multiple ppls 2017-08-28 07:45:48 -07:00
sched sched/headers/uapi: Fix linux/sched/types.h userspace compilation errors 2017-07-08 11:17:55 +02:00
spi
sunrpc
tc_act bpf: expose prog id for cls_bpf and act_bpf 2017-06-21 15:14:23 -04:00
tc_ematch
usb USB: fix out-of-bounds in usb_set_configuration 2017-09-19 17:27:16 +02:00
wimax
a.out.h uapi/linux/a.out.h: don't use deprecated system-specific predefines. 2017-06-30 13:53:07 -07:00
acct.h
adb.h
adfs_fs.h
affs_hardblocks.h
agpgart.h
aio_abi.h annotate RWF_... flags 2017-08-31 17:32:38 -04:00
am437x-vpfe.h
apm_bios.h
arcfb.h
aspeed-lpc-ctrl.h
atalk.h
atm_eni.h
atm_he.h
atm_idt77105.h
atm_nicstar.h
atm_tcp.h
atm_zatm.h
atm.h
atmapi.h
atmarp.h
atmbr2684.h
atmclip.h
atmdev.h
atmioc.h
atmlec.h
atmmpc.h
atmppp.h
atmsap.h
atmsvc.h
audit.h audit: Record fanotify access control decisions 2017-10-10 13:18:06 +02:00
auto_dev-ioctl.h autofs: make dev ioctl version and ismountpoint user accessible 2017-09-08 18:26:50 -07:00
auto_fs4.h autofs: remove unused AUTOFS_IOC_EXPIRE_DIRECT/INDIRECT 2017-09-08 18:26:50 -07:00
auto_fs.h Fix up over-eager 'wait_queue_t' renaming 2017-07-10 11:40:19 -07:00
auxvec.h
ax25.h
b1lli.h
batman_adv.h
baycom.h
bcache.h
bcm933xx_hcs.h
bfs_fs.h
binfmts.h
blkpg.h
blktrace_api.h blktrace: export cgroup info in trace 2017-07-29 09:00:03 -06:00
blkzoned.h
bpf_common.h
bpf_perf_event.h
bpf.h bpf: fix bpf_tail_call() x64 JIT 2017-10-03 16:04:44 -07:00
bpqether.h
bsg.h
bt-bmc.h
btrfs_tree.h
btrfs.h btrfs: Add zstd support 2017-08-15 09:02:09 -07:00
can.h
capability.h Introduce v3 namespaced file capabilities 2017-09-01 14:57:15 -05:00
capi.h
cciss_defs.h
cciss_ioctl.h
cdrom.h
cec-funcs.h media: cec-funcs.h: cec_ops_report_features: set *dev_features to NULL 2017-08-09 09:36:13 -04:00
cec.h media: cec: rename pin events/function 2017-08-20 08:14:03 -04:00
cgroupstats.h
chio.h
cm4000_cs.h
cn_proc.h
coda_psdev.h
coda.h
coff.h
connector.h
const.h
coresight-stm.h
cramfs_fs.h
cryptouser.h
cuda.h
cyclades.h
cycx_cfm.h
dcbnl.h
dccp.h
devlink.h devlink: Add IPv6 header for dpipe 2017-08-31 14:42:19 -07:00
dlm_device.h
dlm_netlink.h uapi linux/dlm_netlink.h: include linux/dlmconstants.h 2017-08-07 11:23:09 -05:00
dlm_plock.h
dlm.h
dlmconstants.h
dm-ioctl.h dm ioctl: fix alignment of event number in the device list 2017-09-25 11:18:29 -04:00
dm-log-userspace.h
dma-buf.h
dn.h
dqblk_xfs.h
edd.h
efs_fs_sb.h
elf-em.h
elf-fdpic.h
elf.h
elfcore.h
errno.h
errqueue.h sock: add MSG_ZEROCOPY 2017-08-03 21:37:29 -07:00
ethtool.h net: ethtool: Add back transceiver type 2017-09-21 15:20:40 -07:00
eventpoll.h
fadvise.h
falloc.h
fanotify.h audit: Record fanotify access control decisions 2017-10-10 13:18:06 +02:00
fb.h
fcntl.h fs: add fcntl() interface for setting/getting write life time hints 2017-06-27 12:05:22 -06:00
fd.h
fdreg.h
fib_rules.h
fiemap.h
filter.h
firewire-cdev.h
firewire-constants.h
flat.h
fou.h
fs.h annotate RWF_... flags 2017-08-31 17:32:38 -04:00
fsl_hypervisor.h
fsmap.h fsmap: fix documentation of FMR_OF_LAST 2017-09-01 13:08:26 -07:00
fuse.h
futex.h
gameport.h
gen_stats.h
genetlink.h
gfs2_ondisk.h
gigaset_dev.h
gpio.h
gsmmux.h
gtp.h
hash_info.h
hdlc.h
hdlcdrv.h
hdreg.h
hid.h
hiddev.h
hidraw.h
hpet.h
hsr_netlink.h
hw_breakpoint.h
hyperv.h
hysdn_if.h
i2c-dev.h
i2c.h
i2o-dev.h
i8k.h
icmp.h
icmpv6.h
if_addr.h
if_addrlabel.h
if_alg.h
if_arcnet.h
if_arp.h net: arp: Add support for raw IP device 2017-08-30 11:41:13 -07:00
if_bonding.h
if_bridge.h
if_cablemodem.h
if_eql.h
if_ether.h net: ether: Add support for multiplexing and aggregation type 2017-08-30 11:41:13 -07:00
if_fc.h
if_fddi.h
if_frad.h
if_hippi.h
if_infiniband.h
if_link.h xdp: add reporting of offload mode 2017-06-23 13:42:20 -04:00
if_ltalk.h
if_macsec.h
if_packet.h
if_phonet.h
if_plip.h
if_ppp.h
if_pppol2tp.h
if_pppox.h
if_slip.h
if_team.h
if_tun.h
if_tunnel.h gre: introduce native tunnel support for ERSPAN 2017-08-22 14:29:30 -07:00
if_vlan.h
if_x25.h
if.h
ife.h
igmp.h
ila.h
in6.h
in_route.h
in.h
inet_diag.h tcp_diag: report TCP MD5 signing keys and addresses 2017-09-01 18:38:09 -07:00
inotify.h
input-event-codes.h Input: introduce KEY_ASSISTANT 2017-07-02 13:40:25 -07:00
input.h
ioctl.h
ip6_tunnel.h
ip_vs.h
ip.h
ipc.h
ipmi_msgdefs.h
ipmi.h
ipsec.h
ipv6_route.h ipv6: fib: Provide offload indication using nexthop flags 2017-08-15 17:05:03 -07:00
ipv6.h
ipx.h
irda.h
irqnr.h
isdn_divertif.h
isdn_ppp.h
isdn.h
isdnif.h
iso_fs.h
ivtv.h
ivtvfb.h
ixjuser.h
jffs2.h
joystick.h
Kbuild
kcm.h
kcmp.h kcmp: add KCMP_EPOLL_TFD mode to compare epoll target files 2017-07-12 16:26:01 -07:00
kcov.h
kd.h
kdev_t.h
kernel-page-flags.h
kernel.h
kernelcapi.h
kexec.h
keyboard.h
keyctl.h
kfd_ioctl.h drm/amdkfd: Implement image tiling mode support v2 2017-08-15 23:00:22 -04:00
kvm_para.h
kvm.h KVM: PPC: Book3S HV: Report storage key support to userspace 2017-08-31 12:36:44 +10:00
l2tp.h
libc-compat.h
lightnvm.h
limits.h
lirc.h
llc.h
loop.h loop: add ioctl for changing logical block size 2017-08-31 13:51:14 -06:00
lp.h
lwtunnel.h ipv6: sr: define core operations for seg6local lightweight tunnel 2017-08-07 14:16:22 -07:00
magic.h ocfs2: use magic.h 2017-07-06 16:24:30 -07:00
major.h
map_to_7segment.h
matroxfb.h
max2175.h [media] media: i2c: max2175: Add MAX2175 support 2017-06-20 07:02:43 -03:00
mdio.h
media-bus-format.h
media.h media: drop use of MEDIA_API_VERSION 2017-08-08 06:03:15 -04:00
mei.h
membarrier.h membarrier: Provide expedited private command 2017-08-17 07:28:05 -07:00
memfd.h mm/shmem: add hugetlbfs support to memfd_create() 2017-09-06 17:27:29 -07:00
mempolicy.h mm, mempolicy: simplify rebinding mempolicies when updating cpusets 2017-07-06 16:24:34 -07:00
meye.h
mic_common.h
mic_ioctl.h
mii.h
minix_fs.h
mman.h mm: arch: consolidate mmap hugetlb size encodings 2017-09-06 17:27:28 -07:00
mmtimer.h
module.h
mpls_iptunnel.h
mpls.h
mqueue.h
mroute6.h ip6mr: add netlink notifications on mrt6msg cache reports 2017-06-21 11:22:53 -04:00
mroute.h ipmr: add netlink notifications on igmpmsg cache reports 2017-06-21 11:22:52 -04:00
msdos_fs.h
msg.h
mtio.h
n_r3964.h
nbd-netlink.h
nbd.h
ncp_fs.h
ncp_mount.h
ncp_no.h
ncp.h
ndctl.h libnvdimm: clean up command definitions 2017-08-28 08:33:20 -07:00
neighbour.h
net_dropmon.h
net_namespace.h
net_tstamp.h
net.h
netconf.h
netdevice.h
netfilter_arp.h
netfilter_bridge.h
netfilter_decnet.h
netfilter_ipv4.h
netfilter_ipv6.h
netfilter.h
netlink_diag.h
netlink.h netlink: add NLM_F_NONREC flag for deletion requests 2017-09-04 17:34:54 +02:00
netrom.h
nfc.h
nfs2.h
nfs3.h
nfs4_mount.h
nfs4.h
nfs_fs.h
nfs_idmap.h
nfs_mount.h
nfs.h
nfsacl.h
nilfs2_api.h
nilfs2_ondisk.h
nl80211.h nl80211: Don't verify owner_nlportid on NAN commands 2017-06-30 09:44:17 +03:00
nsfs.h
nubus.h
nvme_ioctl.h
nvram.h
omap3isp.h
omapfb.h
oom.h
openvswitch.h
packet_diag.h
param.h
parport.h
patchkey.h
pci_regs.h Merge branch 'pci/misc' into next 2017-09-07 13:24:16 -05:00
pci.h
pcitest.h
perf_event.h perf/core, x86: Add PERF_SAMPLE_PHYS_ADDR 2017-08-29 15:09:25 +02:00
personality.h
pfkeyv2.h
pg.h
phantom.h
phonet.h
pkt_cls.h bpf: expose prog id for cls_bpf and act_bpf 2017-06-21 15:14:23 -04:00
pkt_sched.h
pktcdvd.h
pmu.h
poll.h
posix_acl_xattr.h
posix_acl.h
posix_types.h
ppdev.h
ppp_defs.h
ppp-comp.h
ppp-ioctl.h
pps.h drivers/pps: aesthetic tweaks to PPS-related content 2017-09-08 18:26:51 -07:00
pr.h
prctl.h
psample.h
psci.h
ptp_clock.h
ptrace.h
qnx4_fs.h
qnxtypes.h
qrtr.h
quota.h uapi/linux/quota.h: Do not include linux/errno.h 2017-08-14 11:53:34 +02:00
radeonfb.h
random.h
raw.h
rds.h
reboot.h
reiserfs_fs.h
reiserfs_xattr.h
resource.h
rfkill.h
rio_cm_cdev.h
rio_mport_cdev.h
romfs_fs.h
rose.h
route.h
rpmsg.h
rtc.h
rtnetlink.h net sched actions: add time filter for action dumping 2017-07-30 19:28:08 -07:00
rxrpc.h rxrpc: Move the packet.h include file into net/rxrpc/ 2017-07-21 11:00:20 +01:00
scc.h
sched.h
scif_ioctl.h
screen_info.h
sctp.h sctp: Add peeloff-flags socket option 2017-07-01 15:26:11 -07:00
sdla.h
seccomp.h seccomp: Implement SECCOMP_RET_KILL_PROCESS action 2017-08-14 13:46:50 -07:00
securebits.h
sed-opal.h
seg6_genl.h
seg6_hmac.h
seg6_iptunnel.h ipv6: sr: add support for encapsulation of L2 frames 2017-08-25 17:10:23 -07:00
seg6_local.h ipv6: sr: define core operations for seg6local lightweight tunnel 2017-08-07 14:16:22 -07:00
seg6.h
selinux_netlink.h
sem.h include/linux/sem.h: correctly document sem_ctime 2017-07-12 16:26:01 -07:00
serial_core.h serial: 8250: of: Add new port type for MediaTek BTIF controller on MT7622/23 SoC 2017-08-28 20:51:22 +02:00
serial_reg.h
serial.h
serio.h
shm.h mm: shm: use new hugetlb size encoding definitions 2017-09-06 17:27:28 -07:00
signal.h
signalfd.h
smc_diag.h
smc.h
smiapp.h
snmp.h tcp: Revert "tcp: remove header prediction" 2017-08-30 11:20:09 -07:00
sock_diag.h
socket.h
sockios.h
sonet.h
sonypi.h
sound.h
soundcard.h
stat.h
stddef.h
stm.h
string.h
suspend_ioctls.h
swab.h
switchtec_ioctl.h switchtec: Add "running" status flag to fw partition info ioctl 2017-06-27 18:23:14 -05:00
sync_file.h
synclink.h
sysctl.h
sysinfo.h
target_core_user.h tcmu: perfom device add, del and reconfig synchronously 2017-07-06 23:11:39 -07:00
taskstats.h
tcp_metrics.h
tcp.h tcp_diag: report TCP MD5 signing keys and addresses 2017-09-01 18:38:09 -07:00
tee.h tee: indicate privileged dev in gen_caps 2017-08-04 10:30:27 +02:00
telephony.h
termios.h
thermal.h
time.h
timerfd.h
times.h
timex.h
tiocl.h
tipc_config.h
tipc_netlink.h
tipc.h
tls.h tls: kernel TLS support 2017-06-15 12:12:40 -04:00
toshiba.h
tty_flags.h
tty.h
types.h
udf_fs_i.h
udp.h
uhid.h
uinput.h
uio.h
uleds.h
ultrasound.h
un.h
unistd.h
unix_diag.h
usbdevice_fs.h USB: add usbfs ioctl to retrieve the connection speed 2017-06-13 10:48:24 +02:00
usbip.h
userfaultfd.h userfaultfd: provide pid in userfault msg - add feat union 2017-09-06 17:27:29 -07:00
userio.h
utime.h
utsname.h
uuid.h
uvcvideo.h
v4l2-common.h
v4l2-controls.h [media] v4l: ctrls: Add a control for digital gain 2017-06-20 08:14:34 -03:00
v4l2-dv-timings.h
v4l2-mediabus.h
v4l2-subdev.h
veth.h
vfio_ccw.h
vfio.h
vhost.h
videodev2.h media: v4l: Add packed Bayer raw12 pixel formats 2017-08-26 14:45:24 -04:00
virtio_9p.h
virtio_balloon.h
virtio_blk.h
virtio_config.h
virtio_console.h
virtio_crypto.h
virtio_gpu.h
virtio_ids.h
virtio_input.h
virtio_mmio.h
virtio_net.h
virtio_pci.h
virtio_ring.h x86/lguest: Remove lguest support 2017-08-24 09:57:28 +02:00
virtio_rng.h
virtio_scsi.h
virtio_types.h
virtio_vsock.h
vm_sockets.h
vsockmon.h
vt.h
vtpm_proxy.h tpm: vtpm_proxy: Implement request_locality function. 2017-06-13 22:02:09 +03:00
wait.h
wanrouter.h
watchdog.h
wimax.h
wireless.h
x25.h
xattr.h
xfrm.h net: xfrm: support setting an output mark. 2017-08-11 07:03:00 +02:00
xilinx-v4l2-controls.h
zorro_ids.h
zorro.h