summaryrefslogtreecommitdiffstats
path: root/kernel/audit.h
diff options
context:
space:
mode:
authorRichard Guy Briggs <rgb@redhat.com>2016-06-24 16:35:46 -0400
committerPaul Moore <paul@paul-moore.com>2016-06-27 11:01:00 -0400
commit86b2efbe3a390e07dbba725ef700b0d143e9a385 (patch)
tree6f29eca2803a82292ca3fd0f282b37764445d547 /kernel/audit.h
parentda7f750c1ef570c0a22e5a3fc1fdfd8d308d9a1a (diff)
downloadop-kernel-dev-86b2efbe3a390e07dbba725ef700b0d143e9a385.zip
op-kernel-dev-86b2efbe3a390e07dbba725ef700b0d143e9a385.tar.gz
audit: add fields to exclude filter by reusing user filter
RFE: add additional fields for use in audit filter exclude rules https://github.com/linux-audit/audit-kernel/issues/5 Re-factor and combine audit_filter_type() with audit_filter_user() to use audit_filter_user_rules() to enable the exclude filter to additionally filter on PID, UID, GID, AUID, LOGINUID_SET, SUBJ_*. The process of combining the similar audit_filter_user() and audit_filter_type() functions, required inverting the meaning and including the ALWAYS action of the latter. Include audit_filter_user_rules() into audit_filter(), removing unneeded logic in the process. Keep the check to quit early if the list is empty. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> [PM: checkpatch.pl fixes - whitespace damage, wrapped description] Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/audit.h')
-rw-r--r--kernel/audit.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/kernel/audit.h b/kernel/audit.h
index cbbe6bb..1879f02 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -327,6 +327,8 @@ extern pid_t audit_sig_pid;
extern kuid_t audit_sig_uid;
extern u32 audit_sig_sid;
+extern int audit_filter(int msgtype, unsigned int listtype);
+
#ifdef CONFIG_AUDITSYSCALL
extern int __audit_signal_info(int sig, struct task_struct *t);
static inline int audit_signal_info(int sig, struct task_struct *t)
OpenPOWER on IntegriCloud