nagai/kernel
3
0
Fork 0
forked from mirrors/linux
Code Pull requests Activity

audit: log on errors from filter user rules

Browse source 
An error on an AUDIT_NEVER rule disabled logging on that rule.
On error on AUDIT_NEVER rules, log.

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
Richard Guy Briggs 2013-11-25 21:57:51 -05:00 committed by Eric Paris
parent 6dd80aba90
commit 724e4fcc8d
2 changed files with 8 additions and 5 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

2
kernel/audit.c
View file

@ -869,7 +869,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
return 0;
err = audit_filter_user(msg_type);
if (err == 1) {
if (err == 1) { /* match or error */
err = 0;
if (msg_type == AUDIT_USER_TTY) {
err = tty_audit_push_current();

11
kernel/auditfilter.c
View file

@ -1290,19 +1290,22 @@ int audit_filter_user(int type)
{
enum audit_state state = AUDIT_DISABLED;
struct audit_entry *e;
int ret = 1;
int rc, ret;
ret = 1; /* Audit by default */
rcu_read_lock();
list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) {
if (audit_filter_user_rules(&e->rule, type, &state)) {
if (state == AUDIT_DISABLED)
rc = audit_filter_user_rules(&e->rule, type, &state);
if (rc) {
if (rc > 0 && state == AUDIT_DISABLED)
ret = 0;
break;
}
}
rcu_read_unlock();
return ret; /* Audit by default */
return ret;
}
int audit_filter_type(int type)