From 9e0cf4082ddbefab8558ce1349e22f6f1777040d Mon Sep 17 00:00:00 2001 From: olsajiri <42811547+olsajiri@users.noreply.github.com> Date: Wed, 11 Dec 2019 17:57:39 +0100 Subject: [PATCH] Add support for AUDIT_BPF event (#104) Signed-off-by: Jiri Olsa --- ChangeLog | 1 + lib/libaudit.h | 4 ++++ lib/msg_typetab.h | 1 + 3 files changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 7837e1d22..fa03fd3f5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -81,6 +81,7 @@ - Split up ospp rules to make SCAP scanning easier (#1746018) - In audisp-syslog, support interpreting records (#1497279) - Audit USER events now sends msg as name value pair +- Add support for AUDIT_BPF event 2.8.3 - Correct msg function name in LRU debug code diff --git a/lib/libaudit.h b/lib/libaudit.h index ac22e2cee..0eea55faa 100644 --- a/lib/libaudit.h +++ b/lib/libaudit.h @@ -290,6 +290,10 @@ extern "C" { #define AUDIT_TIME_ADJNTPVAL 1333 /* NTP value adjustment */ #endif +#ifndef AUDIT_BPF +#define AUDIT_BPF 1334 /* BPF load/unload */ +#endif + #ifndef AUDIT_MAC_CALIPSO_ADD #define AUDIT_MAC_CALIPSO_ADD 1418 /* NetLabel: add CALIPSO DOI entry */ #endif diff --git a/lib/msg_typetab.h b/lib/msg_typetab.h index d668f3444..81b1ea51c 100644 --- a/lib/msg_typetab.h +++ b/lib/msg_typetab.h @@ -125,6 +125,7 @@ _S(AUDIT_KERN_MODULE, "KERN_MODULE" ) _S(AUDIT_FANOTIFY, "FANOTIFY" ) _S(AUDIT_TIME_INJOFFSET, "TIME_INJOFFSET" ) _S(AUDIT_TIME_ADJNTPVAL, "TIME_ADJNTPVAL" ) +_S(AUDIT_BPF, "BPF" ) _S(AUDIT_AVC, "AVC" ) _S(AUDIT_SELINUX_ERR, "SELINUX_ERR" ) _S(AUDIT_AVC_PATH, "AVC_PATH" )