aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorDustin Kirkland <dustin.kirkland@us.ibm.com>2005-11-03 11:12:36 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2006-03-20 14:08:54 -0500
commitc8edc80c8b8c397c53f4f659a05b9ea6208029bf (patch)
tree0b09c0ff9ea28038b711d7368100302a1cc69b6d /include
parent73241ccca0f7786933f1d31b3d86f2456549953a (diff)
[PATCH] Exclude messages by message type
- Add a new, 5th filter called "exclude". - And add a new field AUDIT_MSGTYPE. - Define a new function audit_filter_exclude() that takes a message type as input and examines all rules in the filter. It returns '1' if the message is to be excluded, and '0' otherwise. - Call the audit_filter_exclude() function near the top of audit_log_start() just after asserting audit_initialized. If the message type is not to be audited, return NULL very early, before doing a lot of work. [combined with followup fix for bug in original patch, Nov 4, same author] [combined with later renaming AUDIT_FILTER_EXCLUDE->AUDIT_FILTER_TYPE and audit_filter_exclude() -> audit_filter_type()] Signed-off-by: Dustin Kirkland <dustin.kirkland@us.ibm.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'include')
-rw-r--r--include/linux/audit.h5
1 files changed, 4 insertions, 1 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 739b954cb242..8fa1a8fbc04d 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -92,8 +92,9 @@
92#define AUDIT_FILTER_ENTRY 0x02 /* Apply rule at syscall entry */ 92#define AUDIT_FILTER_ENTRY 0x02 /* Apply rule at syscall entry */
93#define AUDIT_FILTER_WATCH 0x03 /* Apply rule to file system watches */ 93#define AUDIT_FILTER_WATCH 0x03 /* Apply rule to file system watches */
94#define AUDIT_FILTER_EXIT 0x04 /* Apply rule at syscall exit */ 94#define AUDIT_FILTER_EXIT 0x04 /* Apply rule at syscall exit */
95#define AUDIT_FILTER_TYPE 0x05 /* Apply rule at audit_log_start */
95 96
96#define AUDIT_NR_FILTERS 5 97#define AUDIT_NR_FILTERS 6
97 98
98#define AUDIT_FILTER_PREPEND 0x10 /* Prepend to front of list */ 99#define AUDIT_FILTER_PREPEND 0x10 /* Prepend to front of list */
99 100
@@ -132,6 +133,7 @@
132#define AUDIT_LOGINUID 9 133#define AUDIT_LOGINUID 9
133#define AUDIT_PERS 10 134#define AUDIT_PERS 10
134#define AUDIT_ARCH 11 135#define AUDIT_ARCH 11
136#define AUDIT_MSGTYPE 12
135 137
136 /* These are ONLY useful when checking 138 /* These are ONLY useful when checking
137 * at syscall exit time (AUDIT_AT_EXIT). */ 139 * at syscall exit time (AUDIT_AT_EXIT). */
@@ -289,6 +291,7 @@ extern int audit_sockaddr(int len, void *addr);
289extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt); 291extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt);
290extern void audit_signal_info(int sig, struct task_struct *t); 292extern void audit_signal_info(int sig, struct task_struct *t);
291extern int audit_filter_user(struct netlink_skb_parms *cb, int type); 293extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
294extern int audit_filter_type(int type);
292#else 295#else
293#define audit_alloc(t) ({ 0; }) 296#define audit_alloc(t) ({ 0; })
294#define audit_free(t) do { ; } while (0) 297#define audit_free(t) do { ; } while (0)