diff options
author | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-06-19 19:35:50 +0100 |
---|---|---|
committer | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-06-19 19:35:50 +0100 |
commit | 0f45aa18e65cf3d768082d7d86054a0d2a20bb18 (patch) | |
tree | 6e94dfcd813061f5a710b5621e1b2f5a01a95533 /include/linux/audit.h | |
parent | 0107b3cf3225aed6ddde4fa8dbcd4ed643b34f4d (diff) | |
download | op-kernel-dev-0f45aa18e65cf3d768082d7d86054a0d2a20bb18.zip op-kernel-dev-0f45aa18e65cf3d768082d7d86054a0d2a20bb18.tar.gz |
AUDIT: Allow filtering of user messages
Turn the field from a bitmask to an enumeration and add a list to allow
filtering of messages generated by userspace. We also define a list for
file system watches in anticipation of that feature.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'include/linux/audit.h')
-rw-r--r-- | include/linux/audit.h | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index bf2ad3b..b5bda24 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -75,10 +75,15 @@ #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */ /* Rule flags */ -#define AUDIT_PER_TASK 0x01 /* Apply rule at task creation (not syscall) */ -#define AUDIT_AT_ENTRY 0x02 /* Apply rule at syscall entry */ -#define AUDIT_AT_EXIT 0x04 /* Apply rule at syscall exit */ -#define AUDIT_PREPEND 0x10 /* Prepend to front of list */ +#define AUDIT_FILTER_USER 0x00 /* Apply rule to user-generated messages */ +#define AUDIT_FILTER_TASK 0x01 /* Apply rule at task creation (not syscall) */ +#define AUDIT_FILTER_ENTRY 0x02 /* Apply rule at syscall entry */ +#define AUDIT_FILTER_WATCH 0x03 /* Apply rule to file system watches */ +#define AUDIT_FILTER_EXIT 0x04 /* Apply rule at syscall exit */ + +#define AUDIT_NR_FILTERS 5 + +#define AUDIT_FILTER_PREPEND 0x10 /* Prepend to front of list */ /* Rule actions */ #define AUDIT_NEVER 0 /* Do not build context if rule matches */ @@ -230,6 +235,7 @@ extern int audit_socketcall(int nargs, unsigned long *args); extern int audit_sockaddr(int len, void *addr); extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt); extern void audit_signal_info(int sig, struct task_struct *t); +extern int audit_filter_user(struct task_struct *tsk, int type); #else #define audit_alloc(t) ({ 0; }) #define audit_free(t) do { ; } while (0) @@ -246,6 +252,7 @@ extern void audit_signal_info(int sig, struct task_struct *t); #define audit_sockaddr(len, addr) ({ 0; }) #define audit_avc_path(dentry, mnt) ({ 0; }) #define audit_signal_info(s,t) do { ; } while (0) +#define audit_filter_user(struct ({ 1; }) #endif #ifdef CONFIG_AUDIT |