refs/tags/fsnotify_for_v6.3-rc1 - pub/scm/linux/kernel/git/jack/linux-fs

tag	61fb2f7719bc3fadbcfa4cf91d3242615c9bf431
tagger	Jan Kara <jack@suse.cz>	Fri Feb 17 12:27:24 2023 +0100
object	032bffd494e3924cc8b854b696ef9b5b7396b883

\n

commit	032bffd494e3924cc8b854b696ef9b5b7396b883	[log] [tgz]
author	Richard Guy Briggs <rgb@redhat.com>	Fri Feb 03 16:35:16 2023 -0500
committer	Jan Kara <jack@suse.cz>	Tue Feb 07 12:53:53 2023 +0100
tree	9bb5dde3f1e058dfbbad2945ab92ffb3624049a4
parent	70529a199574c15a40f46b14256633b02ba10ca2 [diff]

fanotify,audit: Allow audit to use the full permission event response

This patch passes the full response so that the audit function can use all
of it. The audit function was updated to log the additional information in
the AUDIT_FANOTIFY record.

Currently the only type of fanotify info that is defined is an audit
rule number, but convert it to hex encoding to future-proof the field.
Hex encoding suggested by Paul Moore <paul@paul-moore.com>.

The {subj,obj}_trust values are {0,1,2}, corresponding to no, yes, unknown.

Sample records:
  type=FANOTIFY msg=audit(1600385147.372:590): resp=2 fan_type=1 fan_info=3137 subj_trust=3 obj_trust=5
  type=FANOTIFY msg=audit(1659730979.839:284): resp=1 fan_type=0 fan_info=0 subj_trust=2 obj_trust=2

Suggested-by: Steve Grubb <sgrubb@redhat.com>
Link: https://lore.kernel.org/r/3075502.aeNJFYEL58@x2
Tested-by: Steve Grubb <sgrubb@redhat.com>
Acked-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Message-Id: <bcb6d552e517b8751ece153e516d8b073459069c.1675373475.git.rgb@redhat.com>

3 files changed

tree: 9bb5dde3f1e058dfbbad2945ab92ffb3624049a4