| commit | ca86cad7380e373fa17bc0ee8aff121380323e69 | [log] [tgz] |
|---|---|---|
| author | Richard Guy Briggs <rgb@redhat.com> | Sat Feb 04 13:10:38 2017 -0500 |
| committer | Paul Moore <paul@paul-moore.com> | Mon Feb 13 16:17:13 2017 -0500 |
| tree | 68407211f533b1e8c30ce3ffc60206347d3811af | |
| parent | 62bc306e2083436675e33b5bdeb6a77907d35971 [diff] [blame] |
audit: log module name on init_module This adds a new auxiliary record MODULE_INIT to the SYSCALL event. We get finit_module for free since it made most sense to hook this in to load_module(). https://github.com/linux-audit/audit-kernel/issues/7 https://github.com/linux-audit/audit-kernel/wiki/RFE-Module-Load-Record-Format Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Acked-by: Jessica Yu <jeyu@redhat.com> [PM: corrected links in the commit description] Signed-off-by: Paul Moore <paul@paul-moore.com>
diff --git a/kernel/audit.h b/kernel/audit.h index 431444c..144b7eb 100644 --- a/kernel/audit.h +++ b/kernel/audit.h
@@ -199,6 +199,9 @@ struct { int argc; } execve; + struct { + char *name; + } module; }; int fds[2]; struct audit_proctitle proctitle;