NetworkManager/src/nm-audit-manager.h

/* NetworkManager audit support
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Copyright 2015 Red Hat, Inc.
 */

#ifndef __NM_AUDIT_MANAGER_H__
#define __NM_AUDIT_MANAGER_H__

#include "nm-connection.h"
#include "devices/nm-device.h"
#include "nm-types.h"

#define NM_TYPE_AUDIT_MANAGER            (nm_audit_manager_get_type ())
#define NM_AUDIT_MANAGER(obj)            (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_AUDIT_MANAGER, NMAuditManager))
#define NM_AUDIT_MANAGER_CLASS(klass)    (G_TYPE_CHECK_CLASS_CAST ((klass),  NM_TYPE_AUDIT_MANAGER, NMAuditManagerClass))
#define NM_IS_AUDIT_MANAGER(obj)         (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_AUDIT_MANAGER))
#define NM_IS_AUDIT_MANAGER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass),  NM_TYPE_AUDIT_MANAGER))
#define NM_AUDIT_MANAGER_GET_CLASS(obj)  (G_TYPE_INSTANCE_GET_CLASS ((obj),  NM_TYPE_AUDIT_MANAGER, NMAuditManagerClass))

typedef struct _NMAuditManagerClass NMAuditManagerClass;

#define NM_AUDIT_OP_CONN_ADD                "connection-add"
#define NM_AUDIT_OP_CONN_DELETE             "connection-delete"
#define NM_AUDIT_OP_CONN_UPDATE             "connection-update"
#define NM_AUDIT_OP_CONN_ACTIVATE           "connection-activate"
#define NM_AUDIT_OP_CONN_ADD_ACTIVATE       "connection-add-activate"
#define NM_AUDIT_OP_CONN_DEACTIVATE         "connection-deactivate"
#define NM_AUDIT_OP_CONN_CLEAR_SECRETS      "connection-clear-secrets"

#define NM_AUDIT_OP_CONNS_RELOAD            "connections-reload"
#define NM_AUDIT_OP_CONNS_LOAD              "connections-load"

#define NM_AUDIT_OP_RELOAD                  "reload"
#define NM_AUDIT_OP_SLEEP_CONTROL           "sleep-control"
#define NM_AUDIT_OP_NET_CONTROL             "networking-control"
#define NM_AUDIT_OP_RADIO_CONTROL           "radio-control"
#define NM_AUDIT_OP_STATISTICS              "statistics"

#define NM_AUDIT_OP_DEVICE_AUTOCONNECT      "device-autoconnect"
#define NM_AUDIT_OP_DEVICE_DISCONNECT       "device-disconnect"
#define NM_AUDIT_OP_DEVICE_DELETE           "device-delete"
#define NM_AUDIT_OP_DEVICE_MANAGED          "device-managed"
#define NM_AUDIT_OP_DEVICE_REAPPLY          "device-reapply"

#define NM_AUDIT_OP_CHECKPOINT_CREATE       "checkpoint-create"
#define NM_AUDIT_OP_CHECKPOINT_ROLLBACK     "checkpoint-rollback"
#define NM_AUDIT_OP_CHECKPOINT_DESTROY      "checkpoint-destroy"
#define NM_AUDIT_OP_CHECKPOINT_ADJUST_ROLLBACK_TIMEOUT "checkpoint-adjust-rollback-timeout"

GType nm_audit_manager_get_type (void);
NMAuditManager *nm_audit_manager_get (void);
gboolean nm_audit_manager_audit_enabled (NMAuditManager *self);

#define nm_audit_log_connection_op(op, connection, result, args, subject_context, reason) \
	G_STMT_START { \
		NMAuditManager *_audit = nm_audit_manager_get (); \
		\
		if (nm_audit_manager_audit_enabled (_audit)) { \
			_nm_audit_manager_log_connection_op (_audit, __FILE__, __LINE__, G_STRFUNC, \
			                                     (op), (connection), (result), (args), (subject_context), \
			                                     (reason)); \
		} \
	} G_STMT_END

#define nm_audit_log_control_op(op, arg, result, subject_context, reason) \
	G_STMT_START { \
		NMAuditManager *_audit = nm_audit_manager_get (); \
		\
		if (nm_audit_manager_audit_enabled (_audit)) { \
			_nm_audit_manager_log_generic_op (_audit, __FILE__, __LINE__, G_STRFUNC, \
			                                  (op), (arg), (result), (subject_context), (reason)); \
		} \
	} G_STMT_END

#define nm_audit_log_device_op(op, device, result, args, subject_context, reason) \
	G_STMT_START { \
		NMAuditManager *_audit = nm_audit_manager_get (); \
		\
		if (nm_audit_manager_audit_enabled (_audit)) { \
			_nm_audit_manager_log_device_op (_audit, __FILE__, __LINE__, G_STRFUNC, \
			                                 (op), (device), (result), (args), (subject_context), (reason)); \
		} \
	} G_STMT_END

#define nm_audit_log_checkpoint_op(op, arg, result, subject_context, reason) \
	G_STMT_START { \
		NMAuditManager *_audit = nm_audit_manager_get (); \
		\
		if (nm_audit_manager_audit_enabled (_audit)) { \
			_nm_audit_manager_log_generic_op (_audit, __FILE__, __LINE__, G_STRFUNC, \
			                                  (op), (arg), (result), (subject_context), (reason)); \
		} \
	} G_STMT_END

void _nm_audit_manager_log_connection_op (NMAuditManager *self, const char *file, guint line,
                                          const char *func, const char *op, NMSettingsConnection *connection,
                                          gboolean result, const char *args, gpointer subject_context,
                                          const char *reason);

void _nm_audit_manager_log_generic_op    (NMAuditManager *self, const char *file, guint line,
                                          const char *func, const char *op, const char *arg,
                                          gboolean result, gpointer subject_context, const char *reason);

void _nm_audit_manager_log_device_op     (NMAuditManager *self, const char *file, guint line,
                                          const char *func, const char *op, NMDevice *device,
                                          gboolean result, const char *args, gpointer subject_context,
                                          const char *reason);

#endif /* __NM_AUDIT_MANAGER_H__ */
core: add audit support Introduce some primitives to deliver messages about relevant configuration changes to the Linux audit subsystem through libaudit (if enabled at build time) and to the logging system. 2015-07-20 18:33:35 +02:00			`/* NetworkManager audit support`
			`*`
			`* This program is free software; you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
			`* the Free Software Foundation; either version 2 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License along`
			`* with this program; if not, write to the Free Software Foundation, Inc.,`
			`* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.`
			`*`
			`* Copyright 2015 Red Hat, Inc.`
			`*/`

			`#ifndef __NM_AUDIT_MANAGER_H__`
			`#define __NM_AUDIT_MANAGER_H__`

			`#include "nm-connection.h"`
build: don't add subdirectories to include search path but require qualified include Keep the include paths clean and separate. We use directories to group source files together. That makes sense (I guess), but then we should use this grouping also when including files. Thus require to #include files with their path relative to "src/". Also, we build various artifacts from the "src/" tree. Instead of having individual CFLAGS for each artifact in Makefile.am, the CFLAGS should be unified. Previously, the CFLAGS for each artifact differ and are inconsistent in which paths they add to the search path. Fix the inconsistency by just don't add the paths at all. 2016-11-21 00:43:52 +01:00			`#include "devices/nm-device.h"`
core: add audit support Introduce some primitives to deliver messages about relevant configuration changes to the Linux audit subsystem through libaudit (if enabled at build time) and to the logging system. 2015-07-20 18:33:35 +02:00			`#include "nm-types.h"`

			`#define NM_TYPE_AUDIT_MANAGER (nm_audit_manager_get_type ())`
			`#define NM_AUDIT_MANAGER(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_AUDIT_MANAGER, NMAuditManager))`
			`#define NM_AUDIT_MANAGER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_AUDIT_MANAGER, NMAuditManagerClass))`
			`#define NM_IS_AUDIT_MANAGER(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_AUDIT_MANAGER))`
			`#define NM_IS_AUDIT_MANAGER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NM_TYPE_AUDIT_MANAGER))`
			`#define NM_AUDIT_MANAGER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_AUDIT_MANAGER, NMAuditManagerClass))`

core: refactor private data in "src" - use _NM_GET_PRIVATE() and _NM_GET_PRIVATE_PTR() everywhere. - reorder statements, to have GObject related functions (init, dispose, constructed) at the bottom of each file and in a consistent order w.r.t. each other. - unify whitespaces in signal and properties declarations. - use NM_GOBJECT_PROPERTIES_DEFINE() and _notify() - drop unused signal slots in class structures - drop unused header files for device factories 2016-09-29 13:49:01 +02:00			`typedef struct _NMAuditManagerClass NMAuditManagerClass;`
core: add audit support Introduce some primitives to deliver messages about relevant configuration changes to the Linux audit subsystem through libaudit (if enabled at build time) and to the logging system. 2015-07-20 18:33:35 +02:00
			`#define NM_AUDIT_OP_CONN_ADD "connection-add"`
			`#define NM_AUDIT_OP_CONN_DELETE "connection-delete"`
			`#define NM_AUDIT_OP_CONN_UPDATE "connection-update"`
			`#define NM_AUDIT_OP_CONN_ACTIVATE "connection-activate"`
			`#define NM_AUDIT_OP_CONN_ADD_ACTIVATE "connection-add-activate"`
			`#define NM_AUDIT_OP_CONN_DEACTIVATE "connection-deactivate"`
			`#define NM_AUDIT_OP_CONN_CLEAR_SECRETS "connection-clear-secrets"`

settings: add audit-logging for connection load and reload 2019-07-15 09:56:44 +02:00			`#define NM_AUDIT_OP_CONNS_RELOAD "connections-reload"`
			`#define NM_AUDIT_OP_CONNS_LOAD "connections-load"`

manager: add Reload() D-Bus command Add new Reload D-Bus command to reload NetworkManager configuration. For now, this is like sending SIGHUP to the process. There are several advantages here: - it is guarded via PolicyKit authentication while signals can only be sent by root. - the user can wait for the reload to be complete instead of sending an asynchronous signal. For now, we operation completes after nm_config_reload() returns, but later we could delay the response further until specific parts are fully reloaded. - SIGHUP reloads everything including re-reading configuration from disk while SIGUSR1 reloads just certain parts such as writing out DNS configuration anew. Now, the Reload command has a flags argument which is more granular in selecting parts which are to be reloaded. For example, via signals the user can: 1) send SIGUSR1: this writes out the DNS configuration to resolv.conf and possibly reloads other parts without re-reading configuration and without restarting the DNS plugin. 2) send SIGHUP: this reloads configuration from disk, writes out resolv.conf and restarts the DNS plugin. There is no way, to only restart the DNS plugin without also reloading everything else. 2016-05-30 15:42:44 +02:00			`#define NM_AUDIT_OP_RELOAD "reload"`
core: add audit support Introduce some primitives to deliver messages about relevant configuration changes to the Linux audit subsystem through libaudit (if enabled at build time) and to the logging system. 2015-07-20 18:33:35 +02:00			`#define NM_AUDIT_OP_SLEEP_CONTROL "sleep-control"`
			`#define NM_AUDIT_OP_NET_CONTROL "networking-control"`
			`#define NM_AUDIT_OP_RADIO_CONTROL "radio-control"`
auth: check when setting statistics refresh rate 2016-08-10 11:54:32 +02:00			`#define NM_AUDIT_OP_STATISTICS "statistics"`
core: add audit support Introduce some primitives to deliver messages about relevant configuration changes to the Linux audit subsystem through libaudit (if enabled at build time) and to the logging system. 2015-07-20 18:33:35 +02:00
			`#define NM_AUDIT_OP_DEVICE_AUTOCONNECT "device-autoconnect"`
			`#define NM_AUDIT_OP_DEVICE_DISCONNECT "device-disconnect"`
			`#define NM_AUDIT_OP_DEVICE_DELETE "device-delete"`
device: allow modifying Managed property https://bugzilla.redhat.com/show_bug.cgi?id=1114685 https://bugzilla.gnome.org/show_bug.cgi?id=746566 Related: https://bugzilla.gnome.org/show_bug.cgi?id=680909 Related: https://bugzilla.gnome.org/show_bug.cgi?id=731014 Based-on-patch-by: Lubomir Rintel <lkundrak@v3.sk> 2015-09-15 14:27:31 +02:00			`#define NM_AUDIT_OP_DEVICE_MANAGED "device-managed"`
device: refactor reapply_connection() Reapplying a connection should not be done by iterating over and (unsorted) @diffs array. Instead the order matters! E.g. first layer 2 before IP settings. Thus extracting those individual updates on a per-setting base to different reapply_*() functions is more complicated, albeit incorrect in complex cases. We need full control over how to reapply changes, one after the other. Also, once we start applying changes, we cannot really abort on error. We can only continue best-effort and hope for the best. Also, always reapply certain settings, even if the configuration doesn't change. That means, if the user externally deletes a static IP address, he can call reapply() to restore it. Even though he doesn't provide a different setting to apply. Also revert the changes to nm_device_reapply_settings_immediately(). Effectively there is little code that can be reused. Add audit logging. 2016-01-07 11:55:44 +01:00			`#define NM_AUDIT_OP_DEVICE_REAPPLY "device-reapply"`
core: add audit support Introduce some primitives to deliver messages about relevant configuration changes to the Linux audit subsystem through libaudit (if enabled at build time) and to the logging system. 2015-07-20 18:33:35 +02:00
checkpoint: add audit support 2016-08-01 17:19:14 +02:00			`#define NM_AUDIT_OP_CHECKPOINT_CREATE "checkpoint-create"`
			`#define NM_AUDIT_OP_CHECKPOINT_ROLLBACK "checkpoint-rollback"`
			`#define NM_AUDIT_OP_CHECKPOINT_DESTROY "checkpoint-destroy"`
checkpoint: allow resetting the rollback timeout via D-Bus This allows to adjust the timeout of an existing checkpoint. The main usecase of checkpoints, is to have a fail-safe when configuring the network remotely. By allowing to reset the timeout, the user can perform a series of actions, and keep bumping the timeout. That way, the entire series is still guarded by the same checkpoint, but the user can start with short timeout, and re-adjust the timeout as he goes along. The libnm API only implements the async form (at least for now). Sync methods are fundamentally wrong with D-Bus, and it's probably not needed. Also, follow glib convenction, where the async form doesn't have the _async name suffix. Also, accept a D-Bus path as argument, not a NMCheckpoint instance. The libnm API should not be more restricted than the underlying D-Bus API. It would be cumbersome to require the user to lookup the NMCheckpoint instance first, especially since libnm doesn't provide an efficient or convenient lookup-by-path method. On the other hand, retrieving the path from a NMCheckpoint instance is always possible. 2018-03-28 08:09:56 +02:00			`#define NM_AUDIT_OP_CHECKPOINT_ADJUST_ROLLBACK_TIMEOUT "checkpoint-adjust-rollback-timeout"`
checkpoint: add audit support 2016-08-01 17:19:14 +02:00
core: add audit support Introduce some primitives to deliver messages about relevant configuration changes to the Linux audit subsystem through libaudit (if enabled at build time) and to the logging system. 2015-07-20 18:33:35 +02:00			`GType nm_audit_manager_get_type (void);`
			`NMAuditManager *nm_audit_manager_get (void);`
			`gboolean nm_audit_manager_audit_enabled (NMAuditManager *self);`

audit: log changed properties when updating a connection The main purpose of audit logging is to understand who did what to the system configuration, so it is useful to log also the list of changed properties when a connection is updated: op="connection-update" uuid="2f3e48fc-5f47-41d9-9278-d2871378df43" name="pppoe1" args="pppoe.username,pppoe.password" <======== pid=9523 uid=1001 result="success" 2016-04-20 12:10:55 +02:00			`#define nm_audit_log_connection_op(op, connection, result, args, subject_context, reason) \`
core: add audit support Introduce some primitives to deliver messages about relevant configuration changes to the Linux audit subsystem through libaudit (if enabled at build time) and to the logging system. 2015-07-20 18:33:35 +02:00			`G_STMT_START { \`
			`NMAuditManager *_audit = nm_audit_manager_get (); \`
			`\`
			`if (nm_audit_manager_audit_enabled (_audit)) { \`
			`_nm_audit_manager_log_connection_op (_audit, __FILE__, __LINE__, G_STRFUNC, \`
audit: log changed properties when updating a connection The main purpose of audit logging is to understand who did what to the system configuration, so it is useful to log also the list of changed properties when a connection is updated: op="connection-update" uuid="2f3e48fc-5f47-41d9-9278-d2871378df43" name="pppoe1" args="pppoe.username,pppoe.password" <======== pid=9523 uid=1001 result="success" 2016-04-20 12:10:55 +02:00			`(op), (connection), (result), (args), (subject_context), \`
core: add audit support Introduce some primitives to deliver messages about relevant configuration changes to the Linux audit subsystem through libaudit (if enabled at build time) and to the logging system. 2015-07-20 18:33:35 +02:00			`(reason)); \`
			`} \`
			`} G_STMT_END`

audit: allow passing GDBusMethodInvocation context to audit methods 2016-01-07 16:31:19 +01:00			`#define nm_audit_log_control_op(op, arg, result, subject_context, reason) \`
core: add audit support Introduce some primitives to deliver messages about relevant configuration changes to the Linux audit subsystem through libaudit (if enabled at build time) and to the logging system. 2015-07-20 18:33:35 +02:00			`G_STMT_START { \`
			`NMAuditManager *_audit = nm_audit_manager_get (); \`
			`\`
			`if (nm_audit_manager_audit_enabled (_audit)) { \`
checkpoint: add audit support 2016-08-01 17:19:14 +02:00			`_nm_audit_manager_log_generic_op (_audit, __FILE__, __LINE__, G_STRFUNC, \`
audit: allow passing GDBusMethodInvocation context to audit methods 2016-01-07 16:31:19 +01:00			`(op), (arg), (result), (subject_context), (reason)); \`
core: add audit support Introduce some primitives to deliver messages about relevant configuration changes to the Linux audit subsystem through libaudit (if enabled at build time) and to the logging system. 2015-07-20 18:33:35 +02:00			`} \`
			`} G_STMT_END`

audit: add @args to device logging functions 2017-03-04 00:06:59 +01:00			`#define nm_audit_log_device_op(op, device, result, args, subject_context, reason) \`
core: add audit support Introduce some primitives to deliver messages about relevant configuration changes to the Linux audit subsystem through libaudit (if enabled at build time) and to the logging system. 2015-07-20 18:33:35 +02:00			`G_STMT_START { \`
			`NMAuditManager *_audit = nm_audit_manager_get (); \`
			`\`
			`if (nm_audit_manager_audit_enabled (_audit)) { \`
			`_nm_audit_manager_log_device_op (_audit, __FILE__, __LINE__, G_STRFUNC, \`
audit: add @args to device logging functions 2017-03-04 00:06:59 +01:00			`(op), (device), (result), (args), (subject_context), (reason)); \`
core: add audit support Introduce some primitives to deliver messages about relevant configuration changes to the Linux audit subsystem through libaudit (if enabled at build time) and to the logging system. 2015-07-20 18:33:35 +02:00			`} \`
			`} G_STMT_END`

checkpoint: add audit support 2016-08-01 17:19:14 +02:00			`#define nm_audit_log_checkpoint_op(op, arg, result, subject_context, reason) \`
			`G_STMT_START { \`
			`NMAuditManager *_audit = nm_audit_manager_get (); \`
			`\`
			`if (nm_audit_manager_audit_enabled (_audit)) { \`
			`_nm_audit_manager_log_generic_op (_audit, __FILE__, __LINE__, G_STRFUNC, \`
			`(op), (arg), (result), (subject_context), (reason)); \`
			`} \`
			`} G_STMT_END`

core: add audit support Introduce some primitives to deliver messages about relevant configuration changes to the Linux audit subsystem through libaudit (if enabled at build time) and to the logging system. 2015-07-20 18:33:35 +02:00			`void _nm_audit_manager_log_connection_op (NMAuditManager self, const char file, guint line,`
core: separate active and applied connection Clone the connection upon activation. This makes it safe for the user to modify the original connection while it is activated. This involves several changes: - NMActiveConnection gets @settings_connection and @applied_connection. To support add-and-activate, we constructing a NMActiveConnection with no connection set. Previously, we would set the "connection" field to a temporary NMConnection. Now NMManager piggybacks this temporary connection as object-data (TAG_ACTIVE_CONNETION_ADD_AND_ACTIVATE). - get rid of the functions nm_active_connection_get_connection_type() and nm_active_connection_get_connection_uuid(). From their names it is unclear whether this returns the settings or applied connection. The (few) callers should figure that out themselves. - rename nm_active_connection_get_id() to nm_active_connection_get_settings_connection_id(). This function is only used internally for logging. - dispatcher calls now get two connections as well. The applied-connection is used for the connection data, while the settings-connection is used for the connection path. - needs special handling for properties that apply immediately when changed (nm_device_reapply_settings_immediately()). Co-Authored-By: Thomas Haller <thaller@redhat.com> https://bugzilla.gnome.org/show_bug.cgi?id=724041 2015-07-14 16:53:24 +02:00			`const char func, const char op, NMSettingsConnection *connection,`
audit: log changed properties when updating a connection The main purpose of audit logging is to understand who did what to the system configuration, so it is useful to log also the list of changed properties when a connection is updated: op="connection-update" uuid="2f3e48fc-5f47-41d9-9278-d2871378df43" name="pppoe1" args="pppoe.username,pppoe.password" <======== pid=9523 uid=1001 result="success" 2016-04-20 12:10:55 +02:00			`gboolean result, const char *args, gpointer subject_context,`
			`const char *reason);`
core: add audit support Introduce some primitives to deliver messages about relevant configuration changes to the Linux audit subsystem through libaudit (if enabled at build time) and to the logging system. 2015-07-20 18:33:35 +02:00
checkpoint: add audit support 2016-08-01 17:19:14 +02:00			`void _nm_audit_manager_log_generic_op (NMAuditManager self, const char file, guint line,`
core: add audit support Introduce some primitives to deliver messages about relevant configuration changes to the Linux audit subsystem through libaudit (if enabled at build time) and to the logging system. 2015-07-20 18:33:35 +02:00			`const char func, const char op, const char *arg,`
audit: allow passing GDBusMethodInvocation context to audit methods 2016-01-07 16:31:19 +01:00			`gboolean result, gpointer subject_context, const char *reason);`
core: add audit support Introduce some primitives to deliver messages about relevant configuration changes to the Linux audit subsystem through libaudit (if enabled at build time) and to the logging system. 2015-07-20 18:33:35 +02:00
			`void _nm_audit_manager_log_device_op (NMAuditManager self, const char file, guint line,`
			`const char func, const char op, NMDevice *device,`
audit: add @args to device logging functions 2017-03-04 00:06:59 +01:00			`gboolean result, const char *args, gpointer subject_context,`
			`const char *reason);`
checkpoint: add audit support 2016-08-01 17:19:14 +02:00
core: add audit support Introduce some primitives to deliver messages about relevant configuration changes to the Linux audit subsystem through libaudit (if enabled at build time) and to the logging system. 2015-07-20 18:33:35 +02:00			`#endif /* __NM_AUDIT_MANAGER_H__ */`