diff options
author | Richard Guy Briggs <rgb@redhat.com> | 2017-02-04 13:10:38 -0500 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2017-02-13 16:17:13 -0500 |
commit | ca86cad7380e373fa17bc0ee8aff121380323e69 (patch) | |
tree | 68407211f533b1e8c30ce3ffc60206347d3811af /kernel/audit.h | |
parent | 62bc306e2083436675e33b5bdeb6a77907d35971 (diff) |
audit: log module name on init_module
This adds a new auxiliary record MODULE_INIT to the SYSCALL event.
We get finit_module for free since it made most sense to hook this in to
load_module().
https://github.com/linux-audit/audit-kernel/issues/7
https://github.com/linux-audit/audit-kernel/wiki/RFE-Module-Load-Record-Format
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Acked-by: Jessica Yu <jeyu@redhat.com>
[PM: corrected links in the commit description]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/audit.h')
-rw-r--r-- | kernel/audit.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/kernel/audit.h b/kernel/audit.h index 431444c3708b..144b7ebd2deb 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -199,6 +199,9 @@ struct audit_context { struct { int argc; } execve; + struct { + char *name; + } module; }; int fds[2]; struct audit_proctitle proctitle; |