diff options
author | Richard Guy Briggs <rgb@redhat.com> | 2014-04-22 21:31:57 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-04-22 21:42:27 -0400 |
commit | 451f921639fea4600dfb9ab2889332bdcc7b48d3 (patch) | |
tree | 64077829e0b9634a9dfc33558b19df3ef682ed6a /include | |
parent | 3a101b8de0d39403b2c7e5c23fd0b005668acf48 (diff) |
audit: add netlink multicast group for log read
Add a netlink multicast socket with one group to kaudit for "best-effort"
delivery to read-only userspace clients such as systemd, in addition to the
existing bidirectional unicast auditd userspace client.
Currently, auditd is intended to use the CAP_AUDIT_CONTROL and CAP_AUDIT_WRITE
capabilities, but actually uses CAP_NET_ADMIN. The CAP_AUDIT_READ capability
is added for use by read-only AUDIT_NLGRP_READLOG netlink multicast group
clients to the kaudit subsystem.
This will safely give access to services such as systemd to consume audit logs
while ensuring write access remains restricted for integrity.
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/uapi/linux/audit.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 11917f747cb4..dfa4c860ccef 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -373,6 +373,14 @@ enum { */ #define AUDIT_MESSAGE_TEXT_MAX 8560 +/* Multicast Netlink socket groups (default up to 32) */ +enum audit_nlgrps { + AUDIT_NLGRP_NONE, /* Group 0 not used */ + AUDIT_NLGRP_READLOG, /* "best effort" read only socket */ + __AUDIT_NLGRP_MAX +}; +#define AUDIT_NLGRP_MAX (__AUDIT_NLGRP_MAX - 1) + struct audit_status { __u32 mask; /* Bit mask for valid entries */ __u32 enabled; /* 1 = enabled, 0 = disabled */ |