[PATCH] add/remove rule update
Hi, The following patch adds a little more information to the add/remove rule message emitted by the kernel. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Родитель
93315ed6dd
Коммит
5d3301088f
|
@ -240,7 +240,7 @@ struct audit_rule_data {
|
||||||
__u32 flags; /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */
|
__u32 flags; /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */
|
||||||
__u32 action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */
|
__u32 action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */
|
||||||
__u32 field_count;
|
__u32 field_count;
|
||||||
__u32 mask[AUDIT_BITMASK_SIZE];
|
__u32 mask[AUDIT_BITMASK_SIZE]; /* syscall(s) affected */
|
||||||
__u32 fields[AUDIT_MAX_FIELDS];
|
__u32 fields[AUDIT_MAX_FIELDS];
|
||||||
__u32 values[AUDIT_MAX_FIELDS];
|
__u32 values[AUDIT_MAX_FIELDS];
|
||||||
__u32 fieldflags[AUDIT_MAX_FIELDS];
|
__u32 fieldflags[AUDIT_MAX_FIELDS];
|
||||||
|
|
|
@ -487,10 +487,11 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
|
||||||
|
|
||||||
err = audit_add_rule(entry,
|
err = audit_add_rule(entry,
|
||||||
&audit_filter_list[entry->rule.listnr]);
|
&audit_filter_list[entry->rule.listnr]);
|
||||||
if (!err)
|
audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
|
||||||
audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
|
"auid=%u add rule to list=%d res=%d\n",
|
||||||
"auid=%u added an audit rule\n", loginuid);
|
loginuid, entry->rule.listnr, !err);
|
||||||
else
|
|
||||||
|
if (err)
|
||||||
audit_free_rule(entry);
|
audit_free_rule(entry);
|
||||||
break;
|
break;
|
||||||
case AUDIT_DEL:
|
case AUDIT_DEL:
|
||||||
|
@ -504,9 +505,10 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
|
||||||
|
|
||||||
err = audit_del_rule(entry,
|
err = audit_del_rule(entry,
|
||||||
&audit_filter_list[entry->rule.listnr]);
|
&audit_filter_list[entry->rule.listnr]);
|
||||||
if (!err)
|
audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
|
||||||
audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
|
"auid=%u remove rule from list=%d res=%d\n",
|
||||||
"auid=%u removed an audit rule\n", loginuid);
|
loginuid, entry->rule.listnr, !err);
|
||||||
|
|
||||||
audit_free_rule(entry);
|
audit_free_rule(entry);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
|
Загрузка…
Ссылка в новой задаче