summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRichard Guy Briggs <rgb@redhat.com>2013-11-25 21:57:51 -0500
committerEric Paris <eparis@redhat.com>2014-01-13 22:32:31 -0500
commit724e4fcc8d80c63c7e56873b41987533db2a04c2 (patch)
tree2227b9c065ce771308c2f28456b2a9cde559d5af
parent6dd80aba90639d1765396aa5e5f55e34dc3356e5 (diff)
downloadop-kernel-dev-724e4fcc8d80c63c7e56873b41987533db2a04c2.zip
op-kernel-dev-724e4fcc8d80c63c7e56873b41987533db2a04c2.tar.gz
audit: log on errors from filter user rules
An error on an AUDIT_NEVER rule disabled logging on that rule. On error on AUDIT_NEVER rules, log. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r--kernel/audit.c2
-rw-r--r--kernel/auditfilter.c11
2 files changed, 8 insertions, 5 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 9c4ec29..15661ef 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -869,7 +869,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
return 0;
err = audit_filter_user(msg_type);
- if (err == 1) {
+ if (err == 1) { /* match or error */
err = 0;
if (msg_type == AUDIT_USER_TTY) {
err = tty_audit_push_current();
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 629834a..14a78cc 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1290,19 +1290,22 @@ int audit_filter_user(int type)
{
enum audit_state state = AUDIT_DISABLED;
struct audit_entry *e;
- int ret = 1;
+ int rc, ret;
+
+ ret = 1; /* Audit by default */
rcu_read_lock();
list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) {
- if (audit_filter_user_rules(&e->rule, type, &state)) {
- if (state == AUDIT_DISABLED)
+ rc = audit_filter_user_rules(&e->rule, type, &state);
+ if (rc) {
+ if (rc > 0 && state == AUDIT_DISABLED)
ret = 0;
break;
}
}
rcu_read_unlock();
- return ret; /* Audit by default */
+ return ret;
}
int audit_filter_type(int type)
OpenPOWER on IntegriCloud