Git Repo - linux.git/commit - kernel/auditsc.c

author	Ondrej Mosnacek <[email protected]>
	Wed, 10 Apr 2019 09:14:19 +0000 (11:14 +0200)
committer	Paul Moore <[email protected]>
	Mon, 15 Apr 2019 22:10:17 +0000 (18:10 -0400)
commit	2d87a0674bd60d855e4008e2d84f5b23d7cb9b7d
tree	f1652a306b9313539536d13ab52aa94249d1b0c9	tree \| snapshot
parent	699c1868a743f530081f429058616a2dd5d8a4b2	commit \| diff

timekeeping: Audit clock adjustments

Emit an audit record whenever the system clock is changed (i.e. shifted
by a non-zero offset) by a syscall from userspace. The syscalls than can
(at the time of writing) trigger such record are:
  - settimeofday(2), stime(2), clock_settime(2) -- via
    do_settimeofday64()
  - adjtimex(2), clock_adjtime(2) -- via do_adjtimex()

The new records have type AUDIT_TIME_INJOFFSET and contain the following
fields:
  - sec -- the 'seconds' part of the offset
  - nsec -- the 'nanoseconds' part of the offset

Example record (time was shifted backwards by ~15.875 seconds):

type=TIME_INJOFFSET msg=audit(1530616049.652:13): sec=-16 nsec=124887145

The records of this type will be associated with the corresponding
syscall records.

Signed-off-by: Ondrej Mosnacek <[email protected]>
Reviewed-by: Richard Guy Briggs <[email protected]>
Reviewed-by: Thomas Gleixner <[email protected]>
[PM: fixed a line width problem in __audit_tk_injoffset()]
Signed-off-by: Paul Moore <[email protected]>

include/linux/audit.h		diff \| blob \| blame \| history
include/uapi/linux/audit.h		diff \| blob \| blame \| history
kernel/auditsc.c		diff \| blob \| blame \| history
kernel/time/timekeeping.c		diff \| blob \| blame \| history