On Wednesday, December 2, 2020 10:43:54 AM EST Jan Kara wrote: > Document FAN_AUDIT and related FAN_ENABLE_AUDIT flags. > > Signed-off-by: Jan Kara <jack@xxxxxxx> Looks good. Sorry about the delay. Acked-by: Steve Grubb <sgrubb@xxxxxxxxxx> > --- > man2/fanotify_init.2 | 7 +++++++ > man7/fanotify.7 | 9 ++++++++- > 2 files changed, 15 insertions(+), 1 deletion(-) > > OK, here's my attempt to document the FAN_AUDIT flag. It would be nice if > Steve glanced over it from the audit side to check things are sane. > > diff --git a/man2/fanotify_init.2 b/man2/fanotify_init.2 > index ca03b11dc98a..6becc7a680db 100644 > --- a/man2/fanotify_init.2 > +++ b/man2/fanotify_init.2 > @@ -155,6 +155,13 @@ supplied to > (see > .BR fanotify (7)). > .TP > +.BR FAN_ENABLE_AUDIT " (since Linux 4.15)" > +.\" commit de8cd83e91bc3ee212b3e6ec6e4283af9e4ab269 > +Enable generation of audit log records about access mediation performed by > +permission events. The permission event response has to be marked with > +.B FAN_AUDIT > +flag for audit log record to be generated. > +.TP > .BR FAN_REPORT_FID " (since Linux 5.1)" > .\" commit a8b13aa20afb69161b5123b4f1acc7ea0a03d360 > This value allows the receipt of events which contain additional > information diff --git a/man7/fanotify.7 b/man7/fanotify.7 > index 5804a1f30d6c..b5f096304cf4 100644 > --- a/man7/fanotify.7 > +++ b/man7/fanotify.7 > @@ -588,7 +588,14 @@ to deny the file operation. > .PP > If access is denied, the requesting application call will receive an > .BR EPERM > -error. > +error. Additionally, if the notification group has been created with > +.B FAN_ENABLE_AUDIT > +flag, > +.B FAN_AUDIT > +flag can be set in the > +.I response > +field. In that case audit subsystem will log information about the access > +decision to the audit logs. > .\" > .SS Closing the fanotify file descriptor > When all file descriptors referring to the fanotify notification group are
