audit/SOURCES/audit-3.0-bpf-record.patch
2021-09-09 14:52:17 +00:00

39 lines
1.5 KiB
Diff

From 9e0cf4082ddbefab8558ce1349e22f6f1777040d Mon Sep 17 00:00:00 2001
From: olsajiri <42811547+olsajiri@users.noreply.github.com>
Date: Wed, 11 Dec 2019 17:57:39 +0100
Subject: [PATCH] Add support for AUDIT_BPF event (#104)
Signed-off-by: Jiri Olsa <jolsa@redhat.com>
---
lib/libaudit.h | 4 ++++
lib/msg_typetab.h | 1 +
2 files changed, 5 insertions(+)
diff --git a/lib/libaudit.h b/lib/libaudit.h
index ac22e2c..0eea55f 100644
--- a/lib/libaudit.h
+++ b/lib/libaudit.h
@@ -290,6 +290,10 @@ extern "C" {
#define AUDIT_TIME_ADJNTPVAL 1333 /* NTP value adjustment */
#endif
+#ifndef AUDIT_BPF
+#define AUDIT_BPF 1334 /* BPF load/unload */
+#endif
+
#ifndef AUDIT_MAC_CALIPSO_ADD
#define AUDIT_MAC_CALIPSO_ADD 1418 /* NetLabel: add CALIPSO DOI entry */
#endif
diff --git a/lib/msg_typetab.h b/lib/msg_typetab.h
index d668f34..81b1ea5 100644
--- a/lib/msg_typetab.h
+++ b/lib/msg_typetab.h
@@ -125,6 +125,7 @@ _S(AUDIT_KERN_MODULE, "KERN_MODULE" )
_S(AUDIT_FANOTIFY, "FANOTIFY" )
_S(AUDIT_TIME_INJOFFSET, "TIME_INJOFFSET" )
_S(AUDIT_TIME_ADJNTPVAL, "TIME_ADJNTPVAL" )
+_S(AUDIT_BPF, "BPF" )
_S(AUDIT_AVC, "AVC" )
_S(AUDIT_SELINUX_ERR, "SELINUX_ERR" )
_S(AUDIT_AVC_PATH, "AVC_PATH" )