blob: f03dd01806c742953bb41b58cfd669e0e03f0738 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
AUDIT_GET 1000
AUDIT_SET 1001
AUDIT_LIST 1002
AUDIT_ADD 1003
AUDIT_DEL 1004
AUDIT_USER 1005
AUDIT_LOGIN 1006
AUDIT_WATCH_INS 1007
AUDIT_WATCH_REM 1008
AUDIT_WATCH_LIST 1009
AUDIT_SIGNAL_INFO 1010
AUDIT_ADD_RULE 1011
AUDIT_DEL_RULE 1012
AUDIT_LIST_RULES 1013
AUDIT_TRIM 1014
AUDIT_MAKE_EQUIV 1015
AUDIT_TTY_GET 1016
AUDIT_TTY_SET 1017
AUDIT_SET_FEATURE 1018
AUDIT_GET_FEATURE 1019
AUDIT_FIRST_USER_MSG 1100
AUDIT_USER_AVC 1107
AUDIT_USER_TTY 1124
AUDIT_LAST_USER_MSG 1199
AUDIT_DAEMON_START 1200
AUDIT_DAEMON_END 1201
AUDIT_DAEMON_ABORT 1202
AUDIT_DAEMON_CONFIG 1203
AUDIT_SYSCALL 1300
AUDIT_FS_WATCH 1301
AUDIT_PATH 1302
AUDIT_IPC 1303
AUDIT_SOCKETCALL 1304
AUDIT_CONFIG_CHANGE 1305
AUDIT_SOCKADDR 1306
AUDIT_CWD 1307
AUDIT_EXECVE 1309
AUDIT_IPC_SET_PERM 1311
AUDIT_MQ_OPEN 1312
AUDIT_MQ_SENDRECV 1313
AUDIT_MQ_NOTIFY 1314
AUDIT_MQ_GETSETATTR 1315
AUDIT_KERNEL_OTHER 1316
AUDIT_FD_PAIR 1317
AUDIT_OBJ_PID 1318
AUDIT_TTY 1319
AUDIT_EOE 1320
AUDIT_BPRM_FCAPS 1321
AUDIT_CAPSET 1322
AUDIT_MMAP 1323
AUDIT_NETFILTER_PKT 1324
AUDIT_NETFILTER_CFG 1325
AUDIT_SECCOMP 1326
AUDIT_PROCTITLE 1327
#ifndef STRACE_WORKAROUND_FOR_AUDIT_FEATURE_CHANGE
# define STRACE_WORKAROUND_FOR_AUDIT_FEATURE_CHANGE
/*
* Linux kernel commit v3.15-rc1~18^2~1 has changed the value
* of AUDIT_FEATURE_CHANGE constant introduced by commit v3.13-rc1~19^2~20
* which is of course an ABI breakage that affected 3.13 and 3.14 kernel
* releases as well as their LTS derivatives.
* Linux kernel commit v3.15-rc1~18^2~1 also claims that the old value
* of AUDIT_FEATURE_CHANGE was ignored by userspace because of the established
* convention how netlink messages for the audit system are divided into blocks.
* Looks like the best way to handle this situation is to pretend that
* the old value of AUDIT_FEATURE_CHANGE didn't exist.
*/
# undef AUDIT_FEATURE_CHANGE
#endif
AUDIT_FEATURE_CHANGE 1328
AUDIT_REPLACE 1329
AUDIT_KERN_MODULE 1330
AUDIT_AVC 1400
AUDIT_SELINUX_ERR 1401
AUDIT_AVC_PATH 1402
AUDIT_MAC_POLICY_LOAD 1403
AUDIT_MAC_STATUS 1404
AUDIT_MAC_CONFIG_CHANGE 1405
AUDIT_MAC_UNLBL_ALLOW 1406
AUDIT_MAC_CIPSOV4_ADD 1407
AUDIT_MAC_CIPSOV4_DEL 1408
AUDIT_MAC_MAP_ADD 1409
AUDIT_MAC_MAP_DEL 1410
AUDIT_MAC_IPSEC_ADDSA 1411
AUDIT_MAC_IPSEC_DELSA 1412
AUDIT_MAC_IPSEC_ADDSPD 1413
AUDIT_MAC_IPSEC_DELSPD 1414
AUDIT_MAC_IPSEC_EVENT 1415
AUDIT_MAC_UNLBL_STCADD 1416
AUDIT_MAC_UNLBL_STCDEL 1417
AUDIT_MAC_CALIPSO_ADD 1418
AUDIT_MAC_CALIPSO_DEL 1419
AUDIT_ANOM_PROMISCUOUS 1700
AUDIT_ANOM_ABEND 1701
AUDIT_ANOM_LINK 1702
AUDIT_LAST_KERN_ANOM_MSG 1799
AUDIT_INTEGRITY_DATA 1800
AUDIT_INTEGRITY_METADATA 1801
AUDIT_INTEGRITY_STATUS 1802
AUDIT_INTEGRITY_HASH 1803
AUDIT_INTEGRITY_PCR 1804
AUDIT_INTEGRITY_RULE 1805
AUDIT_KERNEL 2000
AUDIT_FIRST_USER_MSG2 2100
AUDIT_LAST_USER_MSG2 2999
|
