audit: allow matching on obj_uid
Allow syscall exit filter matching based on the uid of the owner of an
inode used in a syscall. aka:
auditctl -a always,exit -S open -F obj_uid=0 -F perm=wa
Signed-off-by: Eric Paris <eparis@redhat.com>
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 67b66c3..55cb3da 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -223,6 +223,7 @@
#define AUDIT_PERM 106
#define AUDIT_DIR 107
#define AUDIT_FILETYPE 108
+#define AUDIT_OBJ_UID 109
#define AUDIT_ARG0 200
#define AUDIT_ARG1 (AUDIT_ARG0+1)