From: Eric Paris Date: Wed, 2 Apr 2014 20:21:24 +0000 (-0400) Subject: audit: renumber AUDIT_FEATURE_CHANGE into the 1300 range X-Git-Tag: firefly_0821_release~176^2~4072^2~1 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=ab9705f34ce92b4f0da494859e69688e1e34e387;p=firefly-linux-kernel-4.4.55.git audit: renumber AUDIT_FEATURE_CHANGE into the 1300 range 1000-1099 is for configuring things. So auditd ignored such messages. This is about actually logging what was configured. Move it into the range for such types of messages. Reported-by: Steve Grubb Signed-off-by: Eric Paris --- diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 4315ee99b967..11917f747cb4 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -70,7 +70,6 @@ #define AUDIT_TTY_SET 1017 /* Set TTY auditing status */ #define AUDIT_SET_FEATURE 1018 /* Turn an audit feature on or off */ #define AUDIT_GET_FEATURE 1019 /* Get which features are enabled */ -#define AUDIT_FEATURE_CHANGE 1020 /* audit log listing feature changes */ #define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */ #define AUDIT_USER_AVC 1107 /* We filter this differently */ @@ -110,6 +109,7 @@ #define AUDIT_NETFILTER_CFG 1325 /* Netfilter chain modifications */ #define AUDIT_SECCOMP 1326 /* Secure Computing event */ #define AUDIT_PROCTITLE 1327 /* Proctitle emit event */ +#define AUDIT_FEATURE_CHANGE 1328 /* audit log listing feature changes */ #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */