[RFC PATCH v2 3/9] audit: dev/test patch to force io_uring auditing
Paul Moore
paul at paul-moore.com
Wed Aug 11 20:48:30 UTC 2021
WARNING - This patch is intended only to aid in the initial dev/test
of the audit/io_uring support, it is not intended to be merged.
With this patch, you can emit io_uring operation audit records with
the following commands (the first clears any blocking rules):
% auditctl -D
% auditctl -a exit,always -S io_uring_enter
Signed-off-by: DO NOT COMMIT
---
kernel/auditsc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 62fb502da3fc..928f1dd12460 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1910,6 +1910,10 @@ void __audit_uring_exit(int success, long code)
audit_log_uring(ctx);
return;
}
+#if 1
+ /* XXX - temporary hack to force record generation */
+ ctx->current_state = AUDIT_STATE_RECORD;
+#endif
/* this may generate CONFIG_CHANGE records */
if (!list_empty(&ctx->killed_trees))
More information about the Linux-security-module-archive
mailing list