diff options
| author | Eric Paris <eparis@redhat.com> | 2009-12-17 20:12:06 -0500 |
|---|---|---|
| committer | Eric Paris <eparis@redhat.com> | 2010-07-28 09:58:19 -0400 |
| commit | 939a67fc4cbab8ca11c90da8a769d7e965d66a9b (patch) | |
| tree | 973363dabb2e84aa18e0ce1bbaf794be434e3901 | |
| parent | 67640b602f68332a83808426911636e9dbcc71fe (diff) | |
Audit: split audit watch Kconfig
Audit watch should depend on CONFIG_AUDIT_SYSCALL and should select
FSNOTIFY. This splits the spagetti like mixing of audit_watch and
audit_filter code so they can be configured seperately.
Signed-off-by: Eric Paris <eparis@redhat.com>
| -rw-r--r-- | init/Kconfig | 6 | ||||
| -rw-r--r-- | kernel/Makefile | 5 | ||||
| -rw-r--r-- | kernel/audit.h | 14 |
3 files changed, 21 insertions, 4 deletions
diff --git a/init/Kconfig b/init/Kconfig index 59f62548c2aa..05e932ef5169 100644 --- a/init/Kconfig +++ b/init/Kconfig | |||
| @@ -307,7 +307,6 @@ config TASK_IO_ACCOUNTING | |||
| 307 | config AUDIT | 307 | config AUDIT |
| 308 | bool "Auditing support" | 308 | bool "Auditing support" |
| 309 | depends on NET | 309 | depends on NET |
| 310 | select FSNOTIFY | ||
| 311 | help | 310 | help |
| 312 | Enable auditing infrastructure that can be used with another | 311 | Enable auditing infrastructure that can be used with another |
| 313 | kernel subsystem, such as SELinux (which requires this for | 312 | kernel subsystem, such as SELinux (which requires this for |
| @@ -323,6 +322,11 @@ config AUDITSYSCALL | |||
| 323 | can be used independently or with another kernel subsystem, | 322 | can be used independently or with another kernel subsystem, |
| 324 | such as SELinux. | 323 | such as SELinux. |
| 325 | 324 | ||
| 325 | config AUDIT_WATCH | ||
| 326 | def_bool y | ||
| 327 | depends on AUDITSYSCALL | ||
| 328 | select FSNOTIFY | ||
| 329 | |||
| 326 | config AUDIT_TREE | 330 | config AUDIT_TREE |
| 327 | def_bool y | 331 | def_bool y |
| 328 | depends on AUDITSYSCALL | 332 | depends on AUDITSYSCALL |
diff --git a/kernel/Makefile b/kernel/Makefile index 057472fbc272..202df4ece6a5 100644 --- a/kernel/Makefile +++ b/kernel/Makefile | |||
| @@ -70,10 +70,11 @@ obj-$(CONFIG_IKCONFIG) += configs.o | |||
| 70 | obj-$(CONFIG_RESOURCE_COUNTERS) += res_counter.o | 70 | obj-$(CONFIG_RESOURCE_COUNTERS) += res_counter.o |
| 71 | obj-$(CONFIG_SMP) += stop_machine.o | 71 | obj-$(CONFIG_SMP) += stop_machine.o |
| 72 | obj-$(CONFIG_KPROBES_SANITY_TEST) += test_kprobes.o | 72 | obj-$(CONFIG_KPROBES_SANITY_TEST) += test_kprobes.o |
| 73 | obj-$(CONFIG_AUDIT) += audit.o auditfilter.o audit_watch.o | 73 | obj-$(CONFIG_AUDIT) += audit.o auditfilter.o |
| 74 | obj-$(CONFIG_AUDITSYSCALL) += auditsc.o | 74 | obj-$(CONFIG_AUDITSYSCALL) += auditsc.o |
| 75 | obj-$(CONFIG_GCOV_KERNEL) += gcov/ | 75 | obj-$(CONFIG_AUDIT_WATCH) += audit_watch.o |
| 76 | obj-$(CONFIG_AUDIT_TREE) += audit_tree.o | 76 | obj-$(CONFIG_AUDIT_TREE) += audit_tree.o |
| 77 | obj-$(CONFIG_GCOV_KERNEL) += gcov/ | ||
| 77 | obj-$(CONFIG_KPROBES) += kprobes.o | 78 | obj-$(CONFIG_KPROBES) += kprobes.o |
| 78 | obj-$(CONFIG_KGDB) += debug/ | 79 | obj-$(CONFIG_KGDB) += debug/ |
| 79 | obj-$(CONFIG_DETECT_SOFTLOCKUP) += softlockup.o | 80 | obj-$(CONFIG_DETECT_SOFTLOCKUP) += softlockup.o |
diff --git a/kernel/audit.h b/kernel/audit.h index 100b454a7354..f7206db4e13d 100644 --- a/kernel/audit.h +++ b/kernel/audit.h | |||
| @@ -103,7 +103,10 @@ extern struct mutex audit_filter_mutex; | |||
| 103 | extern void audit_free_rule_rcu(struct rcu_head *); | 103 | extern void audit_free_rule_rcu(struct rcu_head *); |
| 104 | extern struct list_head audit_filter_list[]; | 104 | extern struct list_head audit_filter_list[]; |
| 105 | 105 | ||
| 106 | extern struct audit_entry *audit_dupe_rule(struct audit_krule *old); | ||
| 107 | |||
| 106 | /* audit watch functions */ | 108 | /* audit watch functions */ |
| 109 | #ifdef CONFIG_AUDIT_WATCH | ||
| 107 | extern void audit_put_watch(struct audit_watch *watch); | 110 | extern void audit_put_watch(struct audit_watch *watch); |
| 108 | extern void audit_get_watch(struct audit_watch *watch); | 111 | extern void audit_get_watch(struct audit_watch *watch); |
| 109 | extern int audit_to_watch(struct audit_krule *krule, char *path, int len, u32 op); | 112 | extern int audit_to_watch(struct audit_krule *krule, char *path, int len, u32 op); |
| @@ -111,7 +114,16 @@ extern int audit_add_watch(struct audit_krule *krule, struct list_head **list); | |||
| 111 | extern void audit_remove_watch_rule(struct audit_krule *krule); | 114 | extern void audit_remove_watch_rule(struct audit_krule *krule); |
| 112 | extern char *audit_watch_path(struct audit_watch *watch); | 115 | extern char *audit_watch_path(struct audit_watch *watch); |
| 113 | extern int audit_watch_compare(struct audit_watch *watch, unsigned long ino, dev_t dev); | 116 | extern int audit_watch_compare(struct audit_watch *watch, unsigned long ino, dev_t dev); |
| 114 | extern struct audit_entry *audit_dupe_rule(struct audit_krule *old); | 117 | #else |
| 118 | #define audit_put_watch(w) {} | ||
| 119 | #define audit_get_watch(w) {} | ||
| 120 | #define audit_to_watch(k, p, l, o) (-EINVAL) | ||
| 121 | #define audit_add_watch(k, l) (-EINVAL) | ||
| 122 | #define audit_remove_watch_rule(k) BUG() | ||
| 123 | #define audit_watch_path(w) "" | ||
| 124 | #define audit_watch_compare(w, i, d) 0 | ||
| 125 | |||
| 126 | #endif /* CONFIG_AUDIT_WATCH */ | ||
| 115 | 127 | ||
| 116 | #ifdef CONFIG_AUDIT_TREE | 128 | #ifdef CONFIG_AUDIT_TREE |
| 117 | extern struct audit_chunk *audit_tree_lookup(const struct inode *); | 129 | extern struct audit_chunk *audit_tree_lookup(const struct inode *); |