git.karo-electronics.de Git - karo-tx-linux.git/commit

author	Richard Guy Briggs <rgb@redhat.com>
	Fri, 13 Jan 2017 08:26:29 +0000 (03:26 -0500)
committer	Paul Moore <paul@paul-moore.com>
	Wed, 18 Jan 2017 19:32:52 +0000 (14:32 -0500)
commit	92c82e8a322b32a6cabe7d8800dc10401157a623
tree	32efb225fd981c63024087f030165baeb37e761c	tree \| snapshot
parent	89670affa2a62c4868a2dd8a4195a1a2ec58cb27	commit \| diff

audit: add feature audit_lost reset

Add a method to reset the audit_lost value.

An AUDIT_SET message with the AUDIT_STATUS_LOST flag set by itself
will return a positive value repesenting the current audit_lost value
and reset the counter to zero.  If AUDIT_STATUS_LOST is not the
only flag set, the reset command will be ignored.  The value sent with
the command is ignored.  The return value will be the +ve lost value at
reset time.

An AUDIT_CONFIG_CHANGE message will be queued to the listening audit
daemon.  The message will be a standard CONFIG_CHANGE message with the
fields "lost=0" and "old=" with the latter containing the value of
audit_lost at reset time.

See: https://github.com/linux-audit/audit-kernel/issues/3

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Acked-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

include/uapi/linux/audit.h		diff \| blob \| history
kernel/audit.c		diff \| blob \| history