From: Steve Grubb <sgrubb@redhat.com>
To: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>,
Jan Kara <jack@suse.cz>
Cc: Amir Goldstein <amir73il@gmail.com>,
linux-man@vger.kernel.org, Jan Kara <jack@suse.cz>
Subject: Re: [PATCH] fanotify: Document FAN_AUDIT flag
Date: Sun, 03 Jan 2021 10:43:28 -0500 [thread overview]
Message-ID: <4619055.31r3eYUQgx@x2> (raw)
In-Reply-To: <20201202154354.30778-1-jack@suse.cz>
On Wednesday, December 2, 2020 10:43:54 AM EST Jan Kara wrote:
> Document FAN_AUDIT and related FAN_ENABLE_AUDIT flags.
>
> Signed-off-by: Jan Kara <jack@suse.cz>
Looks good. Sorry about the delay.
Acked-by: Steve Grubb <sgrubb@redhat.com>
> ---
> man2/fanotify_init.2 | 7 +++++++
> man7/fanotify.7 | 9 ++++++++-
> 2 files changed, 15 insertions(+), 1 deletion(-)
>
> OK, here's my attempt to document the FAN_AUDIT flag. It would be nice if
> Steve glanced over it from the audit side to check things are sane.
>
> diff --git a/man2/fanotify_init.2 b/man2/fanotify_init.2
> index ca03b11dc98a..6becc7a680db 100644
> --- a/man2/fanotify_init.2
> +++ b/man2/fanotify_init.2
> @@ -155,6 +155,13 @@ supplied to
> (see
> .BR fanotify (7)).
> .TP
> +.BR FAN_ENABLE_AUDIT " (since Linux 4.15)"
> +.\" commit de8cd83e91bc3ee212b3e6ec6e4283af9e4ab269
> +Enable generation of audit log records about access mediation performed by
> +permission events. The permission event response has to be marked with
> +.B FAN_AUDIT
> +flag for audit log record to be generated.
> +.TP
> .BR FAN_REPORT_FID " (since Linux 5.1)"
> .\" commit a8b13aa20afb69161b5123b4f1acc7ea0a03d360
> This value allows the receipt of events which contain additional
> information diff --git a/man7/fanotify.7 b/man7/fanotify.7
> index 5804a1f30d6c..b5f096304cf4 100644
> --- a/man7/fanotify.7
> +++ b/man7/fanotify.7
> @@ -588,7 +588,14 @@ to deny the file operation.
> .PP
> If access is denied, the requesting application call will receive an
> .BR EPERM
> -error.
> +error. Additionally, if the notification group has been created with
> +.B FAN_ENABLE_AUDIT
> +flag,
> +.B FAN_AUDIT
> +flag can be set in the
> +.I response
> +field. In that case audit subsystem will log information about the access
> +decision to the audit logs.
> .\"
> .SS Closing the fanotify file descriptor
> When all file descriptors referring to the fanotify notification group are
next prev parent reply other threads:[~2021-01-03 15:45 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-02 15:43 [PATCH] fanotify: Document FAN_AUDIT flag Jan Kara
2020-12-02 15:57 ` Alejandro Colomar (man-pages)
2020-12-02 16:19 ` Jan Kara
2020-12-18 10:23 ` Ping: " Alejandro Colomar (man-pages)
2021-01-03 15:43 ` Steve Grubb [this message]
2021-01-04 13:27 ` Michael Kerrisk (man-pages)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4619055.31r3eYUQgx@x2 \
--to=sgrubb@redhat.com \
--cc=amir73il@gmail.com \
--cc=jack@suse.cz \
--cc=linux-man@vger.kernel.org \
--cc=mtk.manpages@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox