* [PATCH] field-dictionary.csv: Add errno to audit message field dictionary
@ 2020-08-10 1:02 Lakshmi Ramasubramanian
2020-08-12 0:53 ` Paul Moore
0 siblings, 1 reply; 2+ messages in thread
From: Lakshmi Ramasubramanian @ 2020-08-10 1:02 UTC (permalink / raw)
To: zohar, sgrubb, paul; +Cc: linux-integrity, linux-audit
Error code was not included in the audit messages logged by
the integrity subsystem in the Linux kernel.
commit 2f845882ecd2 in https://github.com/torvalds/linux tree added
"errno" field in the audit messages logged by the integrity subsystem.
The "errno" field will be set to 0 when the operation was completed
successfully, and on failure a non-zero error code is set in this field
in the audit message.
Add the documentation for the "errno" field in the audit message
field dictionary.
Sample audit message from the integrity subsystem with errno field:
[ 6.303048] audit: type=1804 audit(1592506281.627:2): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel op=measuring_key cause=ENOMEM comm="swapper/0" name=".builtin_trusted_keys" res=0 errno=-12
Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
---
specs/fields/field-dictionary.csv | 1 +
1 file changed, 1 insertion(+)
diff --git a/specs/fields/field-dictionary.csv b/specs/fields/field-dictionary.csv
index 055ff79..5117e25 100644
--- a/specs/fields/field-dictionary.csv
+++ b/specs/fields/field-dictionary.csv
@@ -49,6 +49,7 @@ dport,numeric,remote port number,
egid,numeric,effective group ID,
enforcing,numeric,new MAC enforcement status,
entries,numeric,number of entries in the netfilter table,
+errno,numeric,error code of the audited operation,
euid,numeric,effective user ID,
exe,encoded,executable name,
exit,numeric,syscall exit code,
--
2.28.0
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] field-dictionary.csv: Add errno to audit message field dictionary
2020-08-10 1:02 [PATCH] field-dictionary.csv: Add errno to audit message field dictionary Lakshmi Ramasubramanian
@ 2020-08-12 0:53 ` Paul Moore
0 siblings, 0 replies; 2+ messages in thread
From: Paul Moore @ 2020-08-12 0:53 UTC (permalink / raw)
To: Lakshmi Ramasubramanian; +Cc: linux-integrity, zohar, linux-audit
On Sun, Aug 9, 2020 at 9:02 PM Lakshmi Ramasubramanian
<nramas@linux.microsoft.com> wrote:
>
> Error code was not included in the audit messages logged by
> the integrity subsystem in the Linux kernel.
>
> commit 2f845882ecd2 in https://github.com/torvalds/linux tree added
> "errno" field in the audit messages logged by the integrity subsystem.
> The "errno" field will be set to 0 when the operation was completed
> successfully, and on failure a non-zero error code is set in this field
> in the audit message.
>
> Add the documentation for the "errno" field in the audit message
> field dictionary.
>
> Sample audit message from the integrity subsystem with errno field:
>
> [ 6.303048] audit: type=1804 audit(1592506281.627:2): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel op=measuring_key cause=ENOMEM comm="swapper/0" name=".builtin_trusted_keys" res=0 errno=-12
>
> Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
> ---
> specs/fields/field-dictionary.csv | 1 +
> 1 file changed, 1 insertion(+)
Merged. Thanks for following up with this.
--
paul moore
www.paul-moore.com
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-08-12 0:53 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-10 1:02 [PATCH] field-dictionary.csv: Add errno to audit message field dictionary Lakshmi Ramasubramanian
2020-08-12 0:53 ` Paul Moore
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).