[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[PATCH] audit quota violations



Hi,

Attached is a patch to start collecting audit events for quota violations. I'm 
interested in feedback as to whether memory allocation should be gfp_atomic 
at this spot and if the placement is correct.

Thanks,
-Steve
diff -urp linux-2.6.14.orig/fs/dquot.c linux-2.6.14/fs/dquot.c
--- linux-2.6.14.orig/fs/dquot.c	2005-12-03 18:03:00.000000000 -0500
+++ linux-2.6.14/fs/dquot.c	2005-12-03 18:37:38.000000000 -0500
@@ -78,6 +78,7 @@
 #include <linux/namei.h>
 #include <linux/buffer_head.h>
 #include <linux/quotaops.h>
+#include <linux/audit.h>
 
 #include <asm/uaccess.h>
 
@@ -835,6 +836,9 @@ static void print_warning(struct dquot *
 			break;
 	}
 	tty_write_message(current->signal->tty, msg);
+	audit_log(current->audit_context, GFP_ATOMIC,
+		AUDIT_ANOM_QUOTA, "quota=%d auid=%u", warntype,
+		audit_get_loginuid(current->audit_context));
 }
 
 static inline void flush_warnings(struct dquot **dquots, char *warntype)
diff -urp linux-2.6.14.orig/include/linux/audit.h linux-2.6.14/include/linux/audit.h
--- linux-2.6.14.orig/include/linux/audit.h	2005-12-03 18:31:59.000000000 -0500
+++ linux-2.6.14/include/linux/audit.h	2005-12-03 18:30:49.000000000 -0500
@@ -88,6 +88,7 @@
 #define AUDIT_FIRST_KERN_ANOM_MSG   1700
 #define AUDIT_LAST_KERN_ANOM_MSG    1799
 #define AUDIT_ANOM_PROMISCUOUS      1700 /* Device changed promiscuous mode */
+#define AUDIT_ANOM_QUOTA            1701 /* Disk quota */
 
 #define AUDIT_KERNEL		2000	/* Asynchronous audit record. NOT A REQUEST. */
 

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]