1 files changed, 26 insertions, 0 deletions
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index db0b825b4810..44b05a09f193 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -68,6 +68,9 @@
 #define AUDIT_MAKE_EQUIV        1015    /* Append to watched tree */
 #define AUDIT_TTY_GET           1016    /* Get TTY auditing status */
 #define AUDIT_TTY_SET           1017    /* Set TTY auditing status */
+#define AUDIT_SET_FEATURE       1018    /* Turn an audit feature on or off */
+#define AUDIT_GET_FEATURE       1019    /* Get which features are enabled */
+#define AUDIT_FEATURE_CHANGE    1020    /* audit log listing feature changes */
 #define AUDIT_FIRST_USER_MSG    1100    /* Userspace messages mostly uninteresting to kernel */
 #define AUDIT_USER_AVC          1107    /* We filter this differently */
@@ -357,6 +360,12 @@ enum {
 #define AUDIT_PERM_READ         4
 #define AUDIT_PERM_ATTR         8
+/* MAX_AUDIT_MESSAGE_LENGTH is set in audit:lib/libaudit.h as:
+ * 8970 // PATH_MAX*2+CONTEXT_SIZE*2+11+256+1
+ * max header+body+tailer: 44 + 29 + 32 + 262 + 7 + pad
+ */
+#define AUDIT_MESSAGE_TEXT_MAX  8560
 struct audit_status {
        __u32           mask;           /* Bit mask for valid entries */
        __u32           enabled;        /* 1 = enabled, 0 = disabled */
@@ -368,11 +377,28 @@ struct audit_status {
        __u32           backlog;        /* messages waiting in queue */
 };
+struct audit_features {
+#define AUDIT_FEATURE_VERSION   1
+        __u32   vers;
+        __u32   mask;           /* which bits we are dealing with */
+        __u32   features;       /* which feature to enable/disable */
+        __u32   lock;           /* which features to lock */
+};
+#define AUDIT_FEATURE_ONLY_UNSET_LOGINUID       0
+#define AUDIT_FEATURE_LOGINUID_IMMUTABLE        1
+#define AUDIT_LAST_FEATURE                      AUDIT_FEATURE_LOGINUID_IMMUTABLE
+#define audit_feature_valid(x)          ((x) >= 0 && (x) <= AUDIT_LAST_FEATURE)
+#define AUDIT_FEATURE_TO_MASK(x)        (1 << ((x) & 31)) /* mask for __u32 */
 struct audit_tty_status {
        __u32           enabled;        /* 1 = enabled, 0 = disabled */
        __u32           log_passwd;     /* 1 = enabled, 0 = disabled */
 };
+#define AUDIT_UID_UNSET (unsigned int)-1
 /* audit_rule_data supports filter rules with both integer and string
 * fields.  It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and
 * AUDIT_LIST_RULES requests.

diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index db0b825b4810..44b05a09f193 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h
@@ -68,6 +68,9 @@
68	#define AUDIT_MAKE_EQUIV 1015 /* Append to watched tree */	68	#define AUDIT_MAKE_EQUIV 1015 /* Append to watched tree */
69	#define AUDIT_TTY_GET 1016 /* Get TTY auditing status */	69	#define AUDIT_TTY_GET 1016 /* Get TTY auditing status */
70	#define AUDIT_TTY_SET 1017 /* Set TTY auditing status */	70	#define AUDIT_TTY_SET 1017 /* Set TTY auditing status */
		71	#define AUDIT_SET_FEATURE 1018 /* Turn an audit feature on or off */
		72	#define AUDIT_GET_FEATURE 1019 /* Get which features are enabled */
		73	#define AUDIT_FEATURE_CHANGE 1020 /* audit log listing feature changes */
71		74
72	#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */	75	#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */
73	#define AUDIT_USER_AVC 1107 /* We filter this differently */	76	#define AUDIT_USER_AVC 1107 /* We filter this differently */
@@ -357,6 +360,12 @@ enum {
357	#define AUDIT_PERM_READ 4	360	#define AUDIT_PERM_READ 4
358	#define AUDIT_PERM_ATTR 8	361	#define AUDIT_PERM_ATTR 8
359		362
		363	/* MAX_AUDIT_MESSAGE_LENGTH is set in audit:lib/libaudit.h as:
		364	* 8970 // PATH_MAX2+CONTEXT_SIZE2+11+256+1
		365	* max header+body+tailer: 44 + 29 + 32 + 262 + 7 + pad
		366	*/
		367	#define AUDIT_MESSAGE_TEXT_MAX 8560
		368
360	struct audit_status {	369	struct audit_status {
361	__u32 mask; /* Bit mask for valid entries */	370	__u32 mask; /* Bit mask for valid entries */
362	__u32 enabled; /* 1 = enabled, 0 = disabled */	371	__u32 enabled; /* 1 = enabled, 0 = disabled */
@@ -368,11 +377,28 @@ struct audit_status {
368	__u32 backlog; /* messages waiting in queue */	377	__u32 backlog; /* messages waiting in queue */
369	};	378	};
370		379
		380	struct audit_features {
		381	#define AUDIT_FEATURE_VERSION 1
		382	__u32 vers;
		383	__u32 mask; /* which bits we are dealing with */
		384	__u32 features; /* which feature to enable/disable */
		385	__u32 lock; /* which features to lock */
		386	};
		387
		388	#define AUDIT_FEATURE_ONLY_UNSET_LOGINUID 0
		389	#define AUDIT_FEATURE_LOGINUID_IMMUTABLE 1
		390	#define AUDIT_LAST_FEATURE AUDIT_FEATURE_LOGINUID_IMMUTABLE
		391
		392	#define audit_feature_valid(x) ((x) >= 0 && (x) <= AUDIT_LAST_FEATURE)
		393	#define AUDIT_FEATURE_TO_MASK(x) (1 << ((x) & 31)) /* mask for __u32 */
		394
371	struct audit_tty_status {	395	struct audit_tty_status {
372	__u32 enabled; /* 1 = enabled, 0 = disabled */	396	__u32 enabled; /* 1 = enabled, 0 = disabled */
373	__u32 log_passwd; /* 1 = enabled, 0 = disabled */	397	__u32 log_passwd; /* 1 = enabled, 0 = disabled */
374	};	398	};
375		399
		400	#define AUDIT_UID_UNSET (unsigned int)-1
		401
376	/* audit_rule_data supports filter rules with both integer and string	402	/* audit_rule_data supports filter rules with both integer and string
377	* fields. It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and	403	* fields. It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and
378	* AUDIT_LIST_RULES requests.	404	* AUDIT_LIST_RULES requests.