提交 5d330108 编写于 作者: S Steve Grubb 提交者: Al Viro

[PATCH] add/remove rule update

Hi,

The following patch adds a little more information to the add/remove rule message emitted
by the kernel.
Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
上级 93315ed6
...@@ -240,7 +240,7 @@ struct audit_rule_data { ...@@ -240,7 +240,7 @@ struct audit_rule_data {
__u32 flags; /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */ __u32 flags; /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */
__u32 action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */ __u32 action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */
__u32 field_count; __u32 field_count;
__u32 mask[AUDIT_BITMASK_SIZE]; __u32 mask[AUDIT_BITMASK_SIZE]; /* syscall(s) affected */
__u32 fields[AUDIT_MAX_FIELDS]; __u32 fields[AUDIT_MAX_FIELDS];
__u32 values[AUDIT_MAX_FIELDS]; __u32 values[AUDIT_MAX_FIELDS];
__u32 fieldflags[AUDIT_MAX_FIELDS]; __u32 fieldflags[AUDIT_MAX_FIELDS];
......
...@@ -487,10 +487,11 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data, ...@@ -487,10 +487,11 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
err = audit_add_rule(entry, err = audit_add_rule(entry,
&audit_filter_list[entry->rule.listnr]); &audit_filter_list[entry->rule.listnr]);
if (!err) audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, "auid=%u add rule to list=%d res=%d\n",
"auid=%u added an audit rule\n", loginuid); loginuid, entry->rule.listnr, !err);
else
if (err)
audit_free_rule(entry); audit_free_rule(entry);
break; break;
case AUDIT_DEL: case AUDIT_DEL:
...@@ -504,9 +505,10 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data, ...@@ -504,9 +505,10 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
err = audit_del_rule(entry, err = audit_del_rule(entry,
&audit_filter_list[entry->rule.listnr]); &audit_filter_list[entry->rule.listnr]);
if (!err) audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, "auid=%u remove rule from list=%d res=%d\n",
"auid=%u removed an audit rule\n", loginuid); loginuid, entry->rule.listnr, !err);
audit_free_rule(entry); audit_free_rule(entry);
break; break;
default: default:
......
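Review bot: In the AUDIT_ADD branch of audit_receive_filter the new audit_log() call reads `entry->rule.listnr` after `audit_add_rule()` has run, that is, after a successful add has handed `entry` over to the filter list. That read is only safe if nothing can remove and free the entry in between; the hunk does not show the locking, so either confirm it or copy the value first with `listnr = entry->rule.listnr;` and log `loginuid, listnr, !err`. The AUDIT_DEL hunk does not have this problem because it logs before `audit_free_rule(entry)`. Both calls print the list number with `%d`; if `listnr` is an unsigned field, `%u` would match it. The function body starts and ends outside both hunks.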