diff options
| author | Richard Guy Briggs <rgb@redhat.com> | 2015-08-05 16:29:36 -0400 |
|---|---|---|
| committer | Paul Moore <pmoore@redhat.com> | 2015-08-06 16:14:53 -0400 |
| commit | 7f49294282c49ef426ed05eb4959728524ba140c (patch) | |
| tree | 6f942f046ecbd173c5fb34b589f4dd41413a6e30 /kernel/auditfilter.c | |
| parent | 84cb777e67814f2e06a99ff228f743409e9617e9 (diff) | |
| download | op-kernel-dev-7f49294282c49ef426ed05eb4959728524ba140c.zip op-kernel-dev-7f49294282c49ef426ed05eb4959728524ba140c.tar.gz | |
audit: clean simple fsnotify implementation
This is to be used to audit by executable path rules, but audit watches should
be able to share this code eventually.
At the moment the audit watch code is a lot more complex. That code only
creates one fsnotify watch per parent directory. That 'audit_parent' in
turn has a list of 'audit_watches' which contain the name, ino, dev of
the specific object we care about. This just creates one fsnotify watch
per object we care about. So if you watch 100 inodes in /etc this code
will create 100 fsnotify watches on /etc. The audit_watch code will
instead create 1 fsnotify watch on /etc (the audit_parent) and then 100
individual watches chained from that fsnotify mark.
We should be able to convert the audit_watch code to do one fsnotify
mark per watch and simplify things/remove a whole lot of code. After
that conversion we should be able to convert the audit_fsnotify code to
support that hierarchy if the optimization is necessary.
Move the access to the entry for audit_match_signal() to the beginning of
the audit_del_rule() function in case the entry found is the same one passed
in. This will enable it to be used by audit_autoremove_mark_rule(),
kill_rules() and audit_remove_parent_watches().
This is a heavily modified and merged version of two patches originally
submitted by Eric Paris.
Cc: Peter Moody <peter@hda3.com>
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
[PM: added a space after a declaration to keep ./scripts/checkpatch happy]
Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'kernel/auditfilter.c')
| -rw-r--r-- | kernel/auditfilter.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 7ca7d3b..b4d8c36 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -935,7 +935,7 @@ static inline int audit_add_rule(struct audit_entry *entry) } /* Remove an existing rule from filterlist. */ -static inline int audit_del_rule(struct audit_entry *entry) +int audit_del_rule(struct audit_entry *entry) { struct audit_entry *e; struct audit_tree *tree = entry->rule.tree; |
