diff options
| author | Jeff Layton <jlayton@redhat.com> | 2012-10-10 15:25:25 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2012-10-12 00:32:03 -0400 |
| commit | 4fa6b5ecbf092c6ee752ece8a55d71f663d23254 (patch) | |
| tree | 6143912dc73b457a3be72faf31d46d855d3f87c3 /include/linux/audit.h | |
| parent | e3d6b07b8ba161f638b026feba0c3c97875d7f1c (diff) | |
| download | op-kernel-dev-4fa6b5ecbf092c6ee752ece8a55d71f663d23254.zip op-kernel-dev-4fa6b5ecbf092c6ee752ece8a55d71f663d23254.tar.gz | |
audit: overhaul __audit_inode_child to accomodate retrying
In order to accomodate retrying path-based syscalls, we need to add a
new "type" argument to audit_inode_child. This will tell us whether
we're looking for a child entry that represents a create or a delete.
If we find a parent, don't automatically assume that we need to create a
new entry. Instead, use the information we have to try to find an
existing entry first. Update it if one is found and create a new one if
not.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'include/linux/audit.h')
| -rw-r--r-- | include/linux/audit.h | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index b11f517..3df643d 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -457,6 +457,8 @@ extern int audit_classify_arch(int arch); #define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */ #define AUDIT_TYPE_NORMAL 1 /* a "normal" audit record */ #define AUDIT_TYPE_PARENT 2 /* a parent audit record */ +#define AUDIT_TYPE_CHILD_DELETE 3 /* a child being deleted */ +#define AUDIT_TYPE_CHILD_CREATE 4 /* a child being created */ #ifdef CONFIG_AUDITSYSCALL /* These are defined in auditsc.c */ @@ -472,7 +474,8 @@ extern void audit_putname(const char *name); extern void __audit_inode(const char *name, const struct dentry *dentry, unsigned int parent); extern void __audit_inode_child(const struct inode *parent, - const struct dentry *dentry); + const struct dentry *dentry, + const unsigned char type); extern void __audit_seccomp(unsigned long syscall, long signr, int code); extern void __audit_ptrace(struct task_struct *t); @@ -513,9 +516,10 @@ static inline void audit_inode(const char *name, const struct dentry *dentry, __audit_inode(name, dentry, parent); } static inline void audit_inode_child(const struct inode *parent, - const struct dentry *dentry) { + const struct dentry *dentry, + const unsigned char type) { if (unlikely(!audit_dummy_context())) - __audit_inode_child(parent, dentry); + __audit_inode_child(parent, dentry, type); } void audit_core_dumps(long signr); @@ -667,13 +671,15 @@ static inline void __audit_inode(const char *name, const struct dentry *dentry, unsigned int parent) { } static inline void __audit_inode_child(const struct inode *parent, - const struct dentry *dentry) + const struct dentry *dentry, + const unsigned char type) { } static inline void audit_inode(const char *name, const struct dentry *dentry, unsigned int parent) { } static inline void audit_inode_child(const struct inode *parent, - const struct dentry *dentry) + const struct dentry *dentry, + const unsigned char type) { } static inline void audit_core_dumps(long signr) { } |
