On Sun, Aug 9, 2020 at 9:02 PM Lakshmi Ramasubramanian <nra...@linux.microsoft.com> wrote: > > Error code was not included in the audit messages logged by > the integrity subsystem in the Linux kernel. > > commit 2f845882ecd2 in https://github.com/torvalds/linux tree added > "errno" field in the audit messages logged by the integrity subsystem. > The "errno" field will be set to 0 when the operation was completed > successfully, and on failure a non-zero error code is set in this field > in the audit message. > > Add the documentation for the "errno" field in the audit message > field dictionary. > > Sample audit message from the integrity subsystem with errno field: > > [ 6.303048] audit: type=1804 audit(1592506281.627:2): pid=1 uid=0 > auid=4294967295 ses=4294967295 subj=kernel op=measuring_key cause=ENOMEM > comm="swapper/0" name=".builtin_trusted_keys" res=0 errno=-12 > > Signed-off-by: Lakshmi Ramasubramanian <nra...@linux.microsoft.com> > --- > specs/fields/field-dictionary.csv | 1 + > 1 file changed, 1 insertion(+)
Merged. Thanks for following up with this. -- paul moore www.paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit