From: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
To: Jan Kara <jack@suse.cz>
Cc: mtk.manpages@gmail.com, Amir Goldstein <amir73il@gmail.com>,
Steve Grubb <sgrubb@redhat.com>,
linux-man@vger.kernel.org
Subject: Re: [PATCH] fanotify: Document FAN_AUDIT flag
Date: Mon, 4 Jan 2021 14:27:04 +0100 [thread overview]
Message-ID: <e93b458c-fa59-4cd7-34af-e0fbed161c6f@gmail.com> (raw)
In-Reply-To: <20201202154354.30778-1-jack@suse.cz>
On 12/2/20 4:43 PM, Jan Kara wrote:
> Document FAN_AUDIT and related FAN_ENABLE_AUDIT flags.
>
> Signed-off-by: Jan Kara <jack@suse.cz>
Thanks, Jan. Applied with Steve's Acked-by
Cheers,
Michael
> ---
> man2/fanotify_init.2 | 7 +++++++
> man7/fanotify.7 | 9 ++++++++-
> 2 files changed, 15 insertions(+), 1 deletion(-)
>
> OK, here's my attempt to document the FAN_AUDIT flag. It would be nice if
> Steve glanced over it from the audit side to check things are sane.
>
> diff --git a/man2/fanotify_init.2 b/man2/fanotify_init.2
> index ca03b11dc98a..6becc7a680db 100644
> --- a/man2/fanotify_init.2
> +++ b/man2/fanotify_init.2
> @@ -155,6 +155,13 @@ supplied to
> (see
> .BR fanotify (7)).
> .TP
> +.BR FAN_ENABLE_AUDIT " (since Linux 4.15)"
> +.\" commit de8cd83e91bc3ee212b3e6ec6e4283af9e4ab269
> +Enable generation of audit log records about access mediation performed by
> +permission events. The permission event response has to be marked with
> +.B FAN_AUDIT
> +flag for audit log record to be generated.
> +.TP
> .BR FAN_REPORT_FID " (since Linux 5.1)"
> .\" commit a8b13aa20afb69161b5123b4f1acc7ea0a03d360
> This value allows the receipt of events which contain additional information
> diff --git a/man7/fanotify.7 b/man7/fanotify.7
> index 5804a1f30d6c..b5f096304cf4 100644
> --- a/man7/fanotify.7
> +++ b/man7/fanotify.7
> @@ -588,7 +588,14 @@ to deny the file operation.
> .PP
> If access is denied, the requesting application call will receive an
> .BR EPERM
> -error.
> +error. Additionally, if the notification group has been created with
> +.B FAN_ENABLE_AUDIT
> +flag,
> +.B FAN_AUDIT
> +flag can be set in the
> +.I response
> +field. In that case audit subsystem will log information about the access
> +decision to the audit logs.
> .\"
> .SS Closing the fanotify file descriptor
> When all file descriptors referring to the fanotify notification group are
>
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
prev parent reply other threads:[~2021-01-04 13:28 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-02 15:43 [PATCH] fanotify: Document FAN_AUDIT flag Jan Kara
2020-12-02 15:57 ` Alejandro Colomar (man-pages)
2020-12-02 16:19 ` Jan Kara
2020-12-18 10:23 ` Ping: " Alejandro Colomar (man-pages)
2021-01-03 15:43 ` Steve Grubb
2021-01-04 13:27 ` Michael Kerrisk (man-pages) [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e93b458c-fa59-4cd7-34af-e0fbed161c6f@gmail.com \
--to=mtk.manpages@gmail.com \
--cc=amir73il@gmail.com \
--cc=jack@suse.cz \
--cc=linux-man@vger.kernel.org \
--cc=sgrubb@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.