integrity: audit update Based on discussions on linux-audit, as per Steve Grubb's request http://lkml.org/lkml/2009/2/6/269, the following changes were made: - forced audit result to be either 0 or 1. - made template names const - Added new stand-alone message type: AUDIT_INTEGRITY_RULE Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Acked-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>

commit: 523979adfa0b79d4e3aa053220c37a9233294206 [log] [tgz]
author: Mimi Zohar <zohar@linux.vnet.ibm.com> Wed Feb 11 11:12:28 2009 -0500
committer: James Morris <jmorris@namei.org> Thu Feb 12 09:40:14 2009 +1100
tree: 15ff42f935f9d443220edb118f3980432f924360
parent: ed850a52af971528b048812c4215cef298af0d3b [diff] [blame]
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 930939a..4fa2810 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h

@@ -36,7 +36,8 @@
  * 1500 - 1599 kernel LSPP events
  * 1600 - 1699 kernel crypto events
  * 1700 - 1799 kernel anomaly records
- * 1800 - 1999 future kernel use (maybe integrity labels and related events)
+ * 1800 - 1899 kernel integrity events
+ * 1900 - 1999 future kernel use
  * 2000 is for otherwise unclassified kernel audit messages (legacy)
  * 2001 - 2099 unused (kernel)
  * 2100 - 2199 user space anomaly records
@@ -130,6 +131,7 @@
 #define AUDIT_INTEGRITY_STATUS	    1802 /* Integrity enable status */
 #define AUDIT_INTEGRITY_HASH	    1803 /* Integrity HASH type */
 #define AUDIT_INTEGRITY_PCR	    1804 /* PCR invalidation msgs */
+#define AUDIT_INTEGRITY_RULE	    1805 /* policy rule */
 
 #define AUDIT_KERNEL		2000	/* Asynchronous audit record. NOT A REQUEST. */
commit	523979adfa0b79d4e3aa053220c37a9233294206	[log] [tgz]
author	Mimi Zohar <zohar@linux.vnet.ibm.com>	Wed Feb 11 11:12:28 2009 -0500
committer	James Morris <jmorris@namei.org>	Thu Feb 12 09:40:14 2009 +1100
tree	15ff42f935f9d443220edb118f3980432f924360
parent	ed850a52af971528b048812c4215cef298af0d3b [diff] [blame]