On Sat, Dec 14, 2024 at 8:30 AM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > On Wed, Dec 4, 2024 at 8:21 PM Thiébaud Weksteen <tweek@xxxxxxxxxx> wrote: > > > > Add a new audit message type to capture nlmsg-related information. This > > is similar to LSM_AUDIT_DATA_IOCTL_OP which was added for the other > > SELinux extended permission (ioctl). > > > > Adding a new type is preferred to adding to the existing > > lsm_network_audit structure which contains irrelevant information for > > the netlink sockets (i.e., dport, sport). > > > > Signed-off-by: Thiébaud Weksteen <tweek@xxxxxxxxxx> > > --- > > v2: Change printed field name from nlmsg_type to nlnk-msgtype > > > > include/linux/lsm_audit.h | 2 ++ > > security/lsm_audit.c | 3 +++ > > security/selinux/hooks.c | 4 ++-- > > 3 files changed, 7 insertions(+), 2 deletions(-) > > ... > > > diff --git a/security/lsm_audit.c b/security/lsm_audit.c > > index 9a8352972086..70444230e56f 100644 > > --- a/security/lsm_audit.c > > +++ b/security/lsm_audit.c > > @@ -425,6 +425,9 @@ static void dump_common_audit_data(struct audit_buffer *ab, > > case LSM_AUDIT_DATA_ANONINODE: > > audit_log_format(ab, " anonclass=%s", a->u.anonclass); > > break; > > + case LSM_AUDIT_DATA_NLMSGTYPE: > > + audit_log_format(ab, " nlnk-msgtype=%hu", a->u.nlmsg_type); > > + break; > > See my follow-up reply to your v1 patch. Assuming no objections, I > can change this to "nl-msgtype" when I merge the patch; is that okay > with you? Yes, please do. Thanks Paul.
