audit: allow matching on obj_uid

Allow syscall exit filter matching based on the uid of the owner of an inode used in a syscall. aka: auditctl -a always,exit -S open -F obj_uid=0 -F perm=wa Signed-off-by: Eric Paris <eparis@redhat.com>
2012-01-03 14:23:07 -05:00
parent 6422e78de6
commit efaffd6e44
3 changed files with 14 additions and 0 deletions
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -223,6 +223,7 @@
 #define AUDIT_PERM	106
 #define AUDIT_DIR	107
 #define AUDIT_FILETYPE	108
+#define AUDIT_OBJ_UID	109

 #define AUDIT_ARG0      200
 #define AUDIT_ARG1      (AUDIT_ARG0+1)