[PATCH 10/14] fixup! audit: implement audit by executable

Richard Guy Briggs rgb at redhat.com
Wed Jun 18 03:09:45 UTC 2014 

Check for existence of exe rule.
---
 kernel/audit_tree.c  |    2 +-
 kernel/audit_watch.c |    2 +-
 kernel/auditfilter.c |    4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index 135944a..b4bf5d2 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -632,7 +632,7 @@ int audit_make_tree(struct audit_krule *rule, char *pathname, u32 op)
 	if (pathname[0] != '/' ||
 	    rule->listnr != AUDIT_FILTER_EXIT ||
 	    op != Audit_equal ||
-	    rule->inode_f || rule->watch || rule->tree)
+	    rule->inode_f || rule->watch || rule->exe || rule->tree)
 		return -EINVAL;
 	rule->tree = alloc_tree(pathname);
 	if (!rule->tree)
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
index 70b4554..1169de3 100644
--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -196,7 +196,7 @@ int audit_to_watch(struct audit_krule *krule, char *path, int len, u32 op)
 	if (path[0] != '/' || path[len-1] == '/' ||
 	    krule->listnr != AUDIT_FILTER_EXIT ||
 	    op != Audit_equal ||
-	    krule->inode_f || krule->watch || krule->tree)
+	    krule->inode_f || krule->watch || krule->exe || krule->tree)
 		return -EINVAL;
 
 	watch = audit_init_watch(path);
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index cae8eae..eede673 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -148,7 +148,7 @@ static inline int audit_to_inode(struct audit_krule *krule,
 				 struct audit_field *f)
 {
 	if (krule->listnr != AUDIT_FILTER_EXIT ||
-	    krule->inode_f || krule->watch || krule->tree ||
+	    krule->inode_f || krule->watch || krule->exe || krule->tree ||
 	    (f->op != Audit_equal && f->op != Audit_not_equal))
 		return -EINVAL;
 
@@ -1423,7 +1423,7 @@ static int update_lsm_rule(struct audit_krule *r)
 		list_del_rcu(&entry->list);
 		list_del(&r->list);
 	} else {
-		if (r->watch || r->tree)
+		if (r->watch || r->exe || r->tree)
 			list_replace_init(&r->rlist, &nentry->rule.rlist);
 		list_replace_rcu(&entry->list, &nentry->list);
 		list_replace(&r->list, &nentry->rule.list);
-- 
1.7.1

More information about the Linux-audit mailing list