Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

[linux-2.6] / include / linux / audit.h

diff --git a/include/linux/audit.h b/include/linux/audit.h
index 8a3b98175c25b3e16f4e0a79156b37fb45e76c42..1c47c59058c1ad2573d4c77a9f4dc5912750d687 100644 (file)
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -35,7 +35,8 @@
  * 1400 - 1499 SE Linux use
  * 1500 - 1599 kernel LSPP events
  * 1600 - 1699 kernel crypto events
- * 1700 - 1999 future kernel use (maybe integrity labels and related events)
+ * 1700 - 1799 kernel anomaly records
+ * 1800 - 1999 future kernel use (maybe integrity labels and related events)
  * 2000 is for otherwise unclassified kernel audit messages (legacy)
  * 2001 - 2099 unused (kernel)
  * 2100 - 2199 user space anomaly records
@@ -90,6 +91,10 @@
 #define AUDIT_MAC_STATUS       1404    /* Changed enforcing,permissive,off */
 #define AUDIT_MAC_CONFIG_CHANGE        1405    /* Changes to booleans */
 
+#define AUDIT_FIRST_KERN_ANOM_MSG   1700
+#define AUDIT_LAST_KERN_ANOM_MSG    1799
+#define AUDIT_ANOM_PROMISCUOUS      1700 /* Device changed promiscuous mode */
+
 #define AUDIT_KERNEL           2000    /* Asynchronous audit record. NOT A REQUEST. */
 
 /* Rule flags */
@@ -240,7 +245,7 @@ struct audit_rule_data {
        __u32           flags;  /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */
        __u32           action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */
        __u32           field_count;
-       __u32           mask[AUDIT_BITMASK_SIZE];
+       __u32           mask[AUDIT_BITMASK_SIZE]; /* syscall(s) affected */
        __u32           fields[AUDIT_MAX_FIELDS];
        __u32           values[AUDIT_MAX_FIELDS];
        __u32           fieldflags[AUDIT_MAX_FIELDS];