author | Richard Guy Briggs <rgb@redhat.com> | 2016-06-24 16:35:46 -0400 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2016-06-27 11:01:00 -0400 |
commit | 86b2efbe3a390e07dbba725ef700b0d143e9a385 (patch) | |
tree | 6f29eca2803a82292ca3fd0f282b37764445d547 /kernel/audit.h | |
parent | da7f750c1ef570c0a22e5a3fc1fdfd8d308d9a1a (diff) | |
audit: add fields to exclude filter by reusing user filter

RFE: add additional fields for use in audit filter exclude rules
https://github.com/linux-audit/audit-kernel/issues/5

Re-factor and combine audit_filter_type() with audit_filter_user() to
use audit_filter_user_rules() to enable the exclude filter to
additionally filter on PID, UID, GID, AUID, LOGINUID_SET, SUBJ_*.

The process of combining the similar audit_filter_user() and
audit_filter_type() functions, required inverting the meaning and
including the ALWAYS action of the latter.

Include audit_filter_user_rules() into audit_filter(), removing
unneeded logic in the process.

Keep the check to quit early if the list is empty.

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
[PM: checkpatch.pl fixes - whitespace damage, wrapped description]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/audit.h')
-rw-r--r-- | kernel/audit.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/kernel/audit.h b/kernel/audit.h index cbbe6bb..1879f02 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -327,6 +327,8 @@ extern pid_t audit_sig_pid; extern kuid_t audit_sig_uid; extern u32 audit_sig_sid; +extern int audit_filter(int msgtype, unsigned int listtype); + #ifdef CONFIG_AUDITSYSCALL extern int __audit_signal_info(int sig, struct task_struct *t); static inline int audit_signal_info(int sig, struct task_struct *t) |
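Review bot: the new prototype `extern int audit_filter(int msgtype, unsigned int listtype);`, added just above `#ifdef CONFIG_AUDITSYSCALL`, has no comment saying what its int return value means. The commit message states that merging audit_filter_type() into audit_filter_user() required inverting the meaning of the former, so a caller converted from either old function can easily test the result with the wrong polarity and either drop records that should be logged or log records that an exclude rule should suppress. A one-line comment on the declaration stating which return value means "emit the record" would make that reviewable at each call site. The two parameters are also both integer types with nothing but their names to distinguish them, so the comment should name the expected listtype values as well; this view is limited to kernel/audit.h, so the definition and callers cannot be checked from here.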