audit: renumber AUDIT_FEATURE_CHANGE into the 1300 range

1000-1099 is for configuring things.  So auditd ignored such messages.
This is about actually logging what was configured.  Move it into the
range for such types of messages.

Reported-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
Eric Paris 2014-04-02 16:21:24 -04:00
parent 56c4911aed
commit ab9705f34c
1 changed files with 1 additions and 1 deletions

View File

@ -70,7 +70,6 @@
#define AUDIT_TTY_SET 1017 /* Set TTY auditing status */ #define AUDIT_TTY_SET 1017 /* Set TTY auditing status */
#define AUDIT_SET_FEATURE 1018 /* Turn an audit feature on or off */ #define AUDIT_SET_FEATURE 1018 /* Turn an audit feature on or off */
#define AUDIT_GET_FEATURE 1019 /* Get which features are enabled */ #define AUDIT_GET_FEATURE 1019 /* Get which features are enabled */
#define AUDIT_FEATURE_CHANGE 1020 /* audit log listing feature changes */
#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */ #define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */
#define AUDIT_USER_AVC 1107 /* We filter this differently */ #define AUDIT_USER_AVC 1107 /* We filter this differently */
@ -110,6 +109,7 @@
#define AUDIT_NETFILTER_CFG 1325 /* Netfilter chain modifications */ #define AUDIT_NETFILTER_CFG 1325 /* Netfilter chain modifications */
#define AUDIT_SECCOMP 1326 /* Secure Computing event */ #define AUDIT_SECCOMP 1326 /* Secure Computing event */
#define AUDIT_PROCTITLE 1327 /* Proctitle emit event */ #define AUDIT_PROCTITLE 1327 /* Proctitle emit event */
#define AUDIT_FEATURE_CHANGE 1328 /* audit log listing feature changes */
#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */