add REDIRECT

hc

2024-10-09 05e59e5fb0064c97a1c10921ecd549f2d4a58565

 kernel/include/uapi/linux/audit.h
..
..
@@ -114,6 +114,10 @@
114
114
 #define AUDIT_REPLACE		1329	/* Replace auditd if this packet unanswerd */
115
115
 #define AUDIT_KERN_MODULE	1330	/* Kernel Module events */
116
116
 #define AUDIT_FANOTIFY		1331	/* Fanotify access decision */
117
+#define AUDIT_TIME_INJOFFSET	1332	/* Timekeeping offset injected */
118
+#define AUDIT_TIME_ADJNTPVAL	1333	/* NTP value adjustment */
119
+#define AUDIT_BPF		1334	/* BPF subsystem */
120
+#define AUDIT_EVENT_LISTENER	1335	/* Task joined multicast read socket */
117
121
 
118
122
 #define AUDIT_AVC		1400	/* SE Linux avc denial or grant */
119
123
 #define AUDIT_SELINUX_ERR	1401	/* Internal SE Linux Errors */
..
..
@@ -141,6 +145,7 @@
141
145
 #define AUDIT_ANOM_PROMISCUOUS      1700 /* Device changed promiscuous mode */
142
146
 #define AUDIT_ANOM_ABEND            1701 /* Process ended abnormally */
143
147
 #define AUDIT_ANOM_LINK		    1702 /* Suspicious use of file links */
148
+#define AUDIT_ANOM_CREAT	    1703 /* Suspicious file creation */
144
149
 #define AUDIT_INTEGRITY_DATA	    1800 /* Data integrity verification */
145
150
 #define AUDIT_INTEGRITY_METADATA    1801 /* Metadata integrity verification */
146
151
 #define AUDIT_INTEGRITY_STATUS	    1802 /* Integrity enable status */
..
..
@@ -177,7 +182,7 @@
177
182
 #define AUDIT_MAX_KEY_LEN  256
178
183
 #define AUDIT_BITMASK_SIZE 64
179
184
 #define AUDIT_WORD(nr) ((__u32)((nr)/32))
180
-#define AUDIT_BIT(nr)  (1 << ((nr) - AUDIT_WORD(nr)*32))
185
+#define AUDIT_BIT(nr)  (1U << ((nr) - AUDIT_WORD(nr)*32))
181
186
 
182
187
 #define AUDIT_SYSCALL_CLASSES 16
183
188
 #define AUDIT_CLASS_DIR_WRITE 0
..
..
@@ -279,6 +284,7 @@
279
284
 #define AUDIT_OBJ_GID	110
280
285
 #define AUDIT_FIELD_COMPARE	111
281
286
 #define AUDIT_EXE	112
287
+#define AUDIT_SADDR_FAM	113
282
288
 
283
289
 #define AUDIT_ARG0      200
284
290
 #define AUDIT_ARG1      (AUDIT_ARG0+1)
..
..
@@ -327,14 +333,15 @@
327
333
 };
328
334
 
329
335
 /* Status symbols */
330
-				/* Mask values */
331
-#define AUDIT_STATUS_ENABLED		0x0001
332
-#define AUDIT_STATUS_FAILURE		0x0002
333
-#define AUDIT_STATUS_PID		0x0004
336
+						/* Mask values */
337
+#define AUDIT_STATUS_ENABLED			0x0001
338
+#define AUDIT_STATUS_FAILURE			0x0002
339
+#define AUDIT_STATUS_PID			0x0004
334
340
 #define AUDIT_STATUS_RATE_LIMIT		0x0008
335
-#define AUDIT_STATUS_BACKLOG_LIMIT	0x0010
336
-#define AUDIT_STATUS_BACKLOG_WAIT_TIME	0x0020
337
-#define AUDIT_STATUS_LOST		0x0040
341
+#define AUDIT_STATUS_BACKLOG_LIMIT		0x0010
342
+#define AUDIT_STATUS_BACKLOG_WAIT_TIME		0x0020
343
+#define AUDIT_STATUS_LOST			0x0040
344
+#define AUDIT_STATUS_BACKLOG_WAIT_TIME_ACTUAL	0x0080
338
345
 
339
346
 #define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT	0x00000001
340
347
 #define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME	0x00000002
..
..
@@ -375,10 +382,19 @@
375
382
 
376
383
 #define AUDIT_ARCH_AARCH64	(EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
377
384
 #define AUDIT_ARCH_ALPHA	(EM_ALPHA|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
385
+#define AUDIT_ARCH_ARCOMPACT	(EM_ARCOMPACT|__AUDIT_ARCH_LE)
386
+#define AUDIT_ARCH_ARCOMPACTBE	(EM_ARCOMPACT)
387
+#define AUDIT_ARCH_ARCV2	(EM_ARCV2|__AUDIT_ARCH_LE)
388
+#define AUDIT_ARCH_ARCV2BE	(EM_ARCV2)
378
389
 #define AUDIT_ARCH_ARM		(EM_ARM|__AUDIT_ARCH_LE)
379
390
 #define AUDIT_ARCH_ARMEB	(EM_ARM)
391
+#define AUDIT_ARCH_C6X		(EM_TI_C6000|__AUDIT_ARCH_LE)
392
+#define AUDIT_ARCH_C6XBE	(EM_TI_C6000)
380
393
 #define AUDIT_ARCH_CRIS		(EM_CRIS|__AUDIT_ARCH_LE)
394
+#define AUDIT_ARCH_CSKY		(EM_CSKY|__AUDIT_ARCH_LE)
381
395
 #define AUDIT_ARCH_FRV		(EM_FRV)
396
+#define AUDIT_ARCH_H8300	(EM_H8_300)
397
+#define AUDIT_ARCH_HEXAGON	(EM_HEXAGON)
382
398
 #define AUDIT_ARCH_I386		(EM_386|__AUDIT_ARCH_LE)
383
399
 #define AUDIT_ARCH_IA64		(EM_IA_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
384
400
 #define AUDIT_ARCH_M32R		(EM_M32R)
..
..
@@ -392,6 +408,9 @@
392
408
 #define AUDIT_ARCH_MIPSEL64	(EM_MIPS|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
393
409
 #define AUDIT_ARCH_MIPSEL64N32	(EM_MIPS|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE|\
394
410
 				 __AUDIT_ARCH_CONVENTION_MIPS64_N32)
411
+#define AUDIT_ARCH_NDS32	(EM_NDS32|__AUDIT_ARCH_LE)
412
+#define AUDIT_ARCH_NDS32BE	(EM_NDS32)
413
+#define AUDIT_ARCH_NIOS2	(EM_ALTERA_NIOS2|__AUDIT_ARCH_LE)
395
414
 #define AUDIT_ARCH_OPENRISC	(EM_OPENRISC)
396
415
 #define AUDIT_ARCH_PARISC	(EM_PARISC)
397
416
 #define AUDIT_ARCH_PARISC64	(EM_PARISC|__AUDIT_ARCH_64BIT)
..
..
@@ -399,6 +418,8 @@
399
418
 /* do not define AUDIT_ARCH_PPCLE since it is not supported by audit */
400
419
 #define AUDIT_ARCH_PPC64	(EM_PPC64|__AUDIT_ARCH_64BIT)
401
420
 #define AUDIT_ARCH_PPC64LE	(EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
421
+#define AUDIT_ARCH_RISCV32	(EM_RISCV|__AUDIT_ARCH_LE)
422
+#define AUDIT_ARCH_RISCV64	(EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
402
423
 #define AUDIT_ARCH_S390		(EM_S390)
403
424
 #define AUDIT_ARCH_S390X	(EM_S390|__AUDIT_ARCH_64BIT)
404
425
 #define AUDIT_ARCH_SH		(EM_SH)
..
..
@@ -410,7 +431,9 @@
410
431
 #define AUDIT_ARCH_TILEGX	(EM_TILEGX|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
411
432
 #define AUDIT_ARCH_TILEGX32	(EM_TILEGX|__AUDIT_ARCH_LE)
412
433
 #define AUDIT_ARCH_TILEPRO	(EM_TILEPRO|__AUDIT_ARCH_LE)
434
+#define AUDIT_ARCH_UNICORE	(EM_UNICORE|__AUDIT_ARCH_LE)
413
435
 #define AUDIT_ARCH_X86_64	(EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
436
+#define AUDIT_ARCH_XTENSA	(EM_XTENSA)
414
437
 
415
438
 #define AUDIT_PERM_EXEC		1
416
439
 #define AUDIT_PERM_WRITE	2
..
..
@@ -445,6 +468,9 @@
445
468
 		__u32	feature_bitmap;	/* bitmap of kernel audit features */
446
469
 	};
447
470
 	__u32		backlog_wait_time;/* message queue wait timeout */
471
+	__u32           backlog_wait_time_actual;/* time spent waiting while
472
+						  * message limit exceeded
473
+						  */
448
474
 };
449
475
 
450
476
 struct audit_features {