diff options
author | Richard Guy Briggs <rgb@redhat.com> | 2013-11-25 21:57:51 -0500 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2014-01-13 22:32:31 -0500 |
commit | 724e4fcc8d80c63c7e56873b41987533db2a04c2 (patch) | |
tree | 2227b9c065ce771308c2f28456b2a9cde559d5af | |
parent | 6dd80aba90639d1765396aa5e5f55e34dc3356e5 (diff) | |
download | op-kernel-dev-724e4fcc8d80c63c7e56873b41987533db2a04c2.zip op-kernel-dev-724e4fcc8d80c63c7e56873b41987533db2a04c2.tar.gz |
audit: log on errors from filter user rules
An error on an AUDIT_NEVER rule disabled logging on that rule.
On error on AUDIT_NEVER rules, log.
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r-- | kernel/audit.c | 2 | ||||
-rw-r--r-- | kernel/auditfilter.c | 11 |
2 files changed, 8 insertions, 5 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 9c4ec29..15661ef 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -869,7 +869,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) return 0; err = audit_filter_user(msg_type); - if (err == 1) { + if (err == 1) { /* match or error */ err = 0; if (msg_type == AUDIT_USER_TTY) { err = tty_audit_push_current(); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 629834a..14a78cc 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1290,19 +1290,22 @@ int audit_filter_user(int type) { enum audit_state state = AUDIT_DISABLED; struct audit_entry *e; - int ret = 1; + int rc, ret; + + ret = 1; /* Audit by default */ rcu_read_lock(); list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) { - if (audit_filter_user_rules(&e->rule, type, &state)) { - if (state == AUDIT_DISABLED) + rc = audit_filter_user_rules(&e->rule, type, &state); + if (rc) { + if (rc > 0 && state == AUDIT_DISABLED) ret = 0; break; } } rcu_read_unlock(); - return ret; /* Audit by default */ + return ret; } int audit_filter_type(int type) |