Commit 5d330108 authored by Steve Grubb's avatar Steve Grubb Committed by Al Viro
Browse files

[PATCH] add/remove rule update 



Hi,

The following patch adds a little more information to the add/remove rule message emitted
by the kernel.

Signed-off-by: default avatarSteve Grubb <sgrubb@redhat.com>
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 93315ed6

include/linux/audit.h

+1 −1
Original line number Diff line number Diff line
@@ -240,7 +240,7 @@ struct audit_rule_data { 
	__u32		flags;	/* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */

	__u32		action;	/* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */

	__u32		field_count;

	__u32		mask[AUDIT_BITMASK_SIZE];

	__u32		mask[AUDIT_BITMASK_SIZE]; /* syscall(s) affected */

	__u32		fields[AUDIT_MAX_FIELDS];

	__u32		values[AUDIT_MAX_FIELDS];

	__u32		fieldflags[AUDIT_MAX_FIELDS];

kernel/auditfilter.c

+9 −7
Original line number Diff line number Diff line
@@ -487,10 +487,11 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data, 


		err = audit_add_rule(entry,

				     &audit_filter_list[entry->rule.listnr]);

		if (!err)

		audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,

				  "auid=%u added an audit rule\n", loginuid);

		else

			"auid=%u add rule to list=%d res=%d\n",

			loginuid, entry->rule.listnr, !err);



		if (err)

			audit_free_rule(entry);

		break;

	case AUDIT_DEL:
@@ -504,9 +505,10 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data, 


		err = audit_del_rule(entry,

				     &audit_filter_list[entry->rule.listnr]);

		if (!err)

		audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,

				  "auid=%u removed an audit rule\n", loginuid);

			"auid=%u remove rule from list=%d res=%d\n",

			loginuid, entry->rule.listnr, !err);



		audit_free_rule(entry);

		break;

	default:

CRA Git | Maintained and supported by SUSTech CRA and CCSE