audit_status in kernel

Steve Grubb sgrubb at redhat.com
Mon Mar 10 21:48:06 UTC 2014


Hello,

I was looking at a new kernel and see that the audit_status structure has 
changed. The first member of the structure is a bit mask that tells what all is 
in the structure. So, if we add this:

        __u32           version;        /* audit api version number */
        __u32           backlog_wait_time;/* message queue wait timeout */
};

Then we need to have a define for those two:

#define AUDIT_STATUS_BACKLOG_LIMIT      0x0010
+#define AUDIT_STATTUS_VERSION			0x0020
-#define AUDIT_STATUS_BACKLOG_WAIT_TIME  0x0020
+#define AUDIT_STATUS_BACKLOG_WAIT_TIME  0x0040
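
Review bot: The first added line spells the name AUDIT_STATTUS_VERSION (double T), which does not match the AUDIT_STATUS_ prefix of the neighbouring defines; it should read AUDIT_STATUS_VERSION. The same hunk moves AUDIT_STATUS_BACKLOG_WAIT_TIME from 0x0020 to 0x0040, so a caller built against the old value would set the bit that now means version. Leaving the existing define at 0x0020 and giving the new one 0x0040 would avoid that. The added line also puts tabs before the value where the surrounding lines use spaces.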

IOW, each entry in the structure is supposed to have a mask value.

-Steve
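
The one-bit-per-member convention described in this mail, as an added example; it is not part of the original post and is not kernel code. The EX_ names, the struct and both functions are hypothetical. The bit values follow the layout proposed above, and rejecting unknown bits is this example's own choice.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical names; bit values follow the layout proposed in the mail. */
#define EX_STATUS_BACKLOG_LIMIT     0x0010u
#define EX_STATUS_VERSION           0x0020u
#define EX_STATUS_BACKLOG_WAIT_TIME 0x0040u
#define EX_STATUS_KNOWN (EX_STATUS_BACKLOG_LIMIT | EX_STATUS_VERSION | \
                         EX_STATUS_BACKLOG_WAIT_TIME)

struct ex_status {
    uint32_t mask;              /* which of the members below are valid */
    uint32_t backlog_limit;
    uint32_t version;
    uint32_t backlog_wait_time;
};

/* Copy only the members the sender flagged; refuse bits this side does not know. */
int ex_apply(struct ex_status *cur, const struct ex_status *req)
{
    if (req->mask & ~EX_STATUS_KNOWN)
        return -1;
    if (req->mask & EX_STATUS_BACKLOG_LIMIT)
        cur->backlog_limit = req->backlog_limit;
    if (req->mask & EX_STATUS_VERSION)
        cur->version = req->version;
    if (req->mask & EX_STATUS_BACKLOG_WAIT_TIME)
        cur->backlog_wait_time = req->backlog_wait_time;
    return 0;
}

/* Returns 1 when every entry is a single bit and no two entries share a bit. */
int ex_masks_distinct(const uint32_t *bits, size_t n)
{
    uint32_t seen = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t b = bits[i];
        if (b == 0 || (b & (b - 1)) != 0 || (seen & b) != 0)
            return 0;
        seen |= b;
    }
    return 1;
}
```

A check like ex_masks_distinct can run in a unit test over the full list of mask defines, so a new member that reuses an existing bit is caught before it ships.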



