[RFC PATCH 0/2] Extend AUDIT_EXE and AUDIT_DIR to more filter types
Ondrej Mosnacek
omosnace at redhat.com
Wed May 30 08:45:23 UTC 2018
This patch set extends the previous AUDIT_EXE patch by also doing a similar
thing with the AUDIT_DIR field.
I am sending it as RFC since this change requires passing audit_context to
audit_filter and I'm not sure if I should also pass it when doing the
AUDIT_FILTER_USER filtering. The call site does not have the ctx variable,
although I suppose it could be extracted from the current task somehow, but I'm
not sure if it even makes sense to use it in that place. I am not enabling
AUDIT_DIR for AUDIT_FILTER_USER in this patch, but if it makes sense I will do
that in the final patch.
Paul/Richard, please advise. See the FIXME in the second patch for the
problematic location.
Ondrej Mosnacek (2):
audit: allow other filter list types for AUDIT_EXE
[WIP] audit: allow other filter list types for AUDIT_DIR
kernel/audit.c | 5 +++--
kernel/audit.h | 32 +++++++++++++++++++++++++++++++-
kernel/audit_tree.c | 4 +++-
kernel/auditfilter.c | 13 ++++++++++---
kernel/auditsc.c | 28 ----------------------------
5 files changed, 47 insertions(+), 35 deletions(-)
--
2.17.0
More information about the Linux-audit
mailing list