From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9DBA3C64E7C for ; Wed, 2 Dec 2020 15:44:42 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3C55B20B1F for ; Wed, 2 Dec 2020 15:44:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728362AbgLBPol (ORCPT ); Wed, 2 Dec 2020 10:44:41 -0500 Received: from mx2.suse.de ([195.135.220.15]:36918 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728339AbgLBPol (ORCPT ); Wed, 2 Dec 2020 10:44:41 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 9B239AB63; Wed, 2 Dec 2020 15:44:00 +0000 (UTC) Received: by quack2.suse.cz (Postfix, from userid 1000) id 3E6A41E1318; Wed, 2 Dec 2020 16:44:00 +0100 (CET) From: Jan Kara To: "Michael Kerrisk (man-pages)" Cc: Amir Goldstein , Steve Grubb , linux-man@vger.kernel.org, Jan Kara Subject: [PATCH] fanotify: Document FAN_AUDIT flag Date: Wed, 2 Dec 2020 16:43:54 +0100 Message-Id: <20201202154354.30778-1-jack@suse.cz> X-Mailer: git-send-email 2.16.4 Precedence: bulk List-ID: X-Mailing-List: linux-man@vger.kernel.org Document FAN_AUDIT and related FAN_ENABLE_AUDIT flags. Signed-off-by: Jan Kara --- man2/fanotify_init.2 | 7 +++++++ man7/fanotify.7 | 9 ++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) OK, here's my attempt to document the FAN_AUDIT flag. It would be nice if Steve glanced over it from the audit side to check things are sane. diff --git a/man2/fanotify_init.2 b/man2/fanotify_init.2 index ca03b11dc98a..6becc7a680db 100644 --- a/man2/fanotify_init.2 +++ b/man2/fanotify_init.2 @@ -155,6 +155,13 @@ supplied to (see .BR fanotify (7)). .TP +.BR FAN_ENABLE_AUDIT " (since Linux 4.15)" +.\" commit de8cd83e91bc3ee212b3e6ec6e4283af9e4ab269 +Enable generation of audit log records about access mediation performed by +permission events. The permission event response has to be marked with +.B FAN_AUDIT +flag for audit log record to be generated. +.TP .BR FAN_REPORT_FID " (since Linux 5.1)" .\" commit a8b13aa20afb69161b5123b4f1acc7ea0a03d360 This value allows the receipt of events which contain additional information diff --git a/man7/fanotify.7 b/man7/fanotify.7 index 5804a1f30d6c..b5f096304cf4 100644 --- a/man7/fanotify.7 +++ b/man7/fanotify.7 @@ -588,7 +588,14 @@ to deny the file operation. .PP If access is denied, the requesting application call will receive an .BR EPERM -error. +error. Additionally, if the notification group has been created with +.B FAN_ENABLE_AUDIT +flag, +.B FAN_AUDIT +flag can be set in the +.I response +field. In that case audit subsystem will log information about the access +decision to the audit logs. .\" .SS Closing the fanotify file descriptor When all file descriptors referring to the fanotify notification group are -- 2.16.4