diff options
author | Dustin Kirkland <dustin.kirkland@us.ibm.com> | 2005-11-03 11:12:36 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2006-03-20 14:08:54 -0500 |
commit | c8edc80c8b8c397c53f4f659a05b9ea6208029bf (patch) | |
tree | 0b09c0ff9ea28038b711d7368100302a1cc69b6d /include | |
parent | 73241ccca0f7786933f1d31b3d86f2456549953a (diff) |
[PATCH] Exclude messages by message type
- Add a new, 5th filter called "exclude".
- And add a new field AUDIT_MSGTYPE.
- Define a new function audit_filter_exclude() that takes a message type
as input and examines all rules in the filter. It returns '1' if the
message is to be excluded, and '0' otherwise.
- Call the audit_filter_exclude() function near the top of
audit_log_start() just after asserting audit_initialized. If the
message type is not to be audited, return NULL very early, before
doing a lot of work.
[combined with followup fix for bug in original patch, Nov 4, same author]
[combined with later renaming AUDIT_FILTER_EXCLUDE->AUDIT_FILTER_TYPE
and audit_filter_exclude() -> audit_filter_type()]
Signed-off-by: Dustin Kirkland <dustin.kirkland@us.ibm.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/audit.h | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index 739b954cb242..8fa1a8fbc04d 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
@@ -92,8 +92,9 @@ | |||
92 | #define AUDIT_FILTER_ENTRY 0x02 /* Apply rule at syscall entry */ | 92 | #define AUDIT_FILTER_ENTRY 0x02 /* Apply rule at syscall entry */ |
93 | #define AUDIT_FILTER_WATCH 0x03 /* Apply rule to file system watches */ | 93 | #define AUDIT_FILTER_WATCH 0x03 /* Apply rule to file system watches */ |
94 | #define AUDIT_FILTER_EXIT 0x04 /* Apply rule at syscall exit */ | 94 | #define AUDIT_FILTER_EXIT 0x04 /* Apply rule at syscall exit */ |
95 | #define AUDIT_FILTER_TYPE 0x05 /* Apply rule at audit_log_start */ | ||
95 | 96 | ||
96 | #define AUDIT_NR_FILTERS 5 | 97 | #define AUDIT_NR_FILTERS 6 |
97 | 98 | ||
98 | #define AUDIT_FILTER_PREPEND 0x10 /* Prepend to front of list */ | 99 | #define AUDIT_FILTER_PREPEND 0x10 /* Prepend to front of list */ |
99 | 100 | ||
@@ -132,6 +133,7 @@ | |||
132 | #define AUDIT_LOGINUID 9 | 133 | #define AUDIT_LOGINUID 9 |
133 | #define AUDIT_PERS 10 | 134 | #define AUDIT_PERS 10 |
134 | #define AUDIT_ARCH 11 | 135 | #define AUDIT_ARCH 11 |
136 | #define AUDIT_MSGTYPE 12 | ||
135 | 137 | ||
136 | /* These are ONLY useful when checking | 138 | /* These are ONLY useful when checking |
137 | * at syscall exit time (AUDIT_AT_EXIT). */ | 139 | * at syscall exit time (AUDIT_AT_EXIT). */ |
@@ -289,6 +291,7 @@ extern int audit_sockaddr(int len, void *addr); | |||
289 | extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt); | 291 | extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt); |
290 | extern void audit_signal_info(int sig, struct task_struct *t); | 292 | extern void audit_signal_info(int sig, struct task_struct *t); |
291 | extern int audit_filter_user(struct netlink_skb_parms *cb, int type); | 293 | extern int audit_filter_user(struct netlink_skb_parms *cb, int type); |
294 | extern int audit_filter_type(int type); | ||
292 | #else | 295 | #else |
293 | #define audit_alloc(t) ({ 0; }) | 296 | #define audit_alloc(t) ({ 0; }) |
294 | #define audit_free(t) do { ; } while (0) | 297 | #define audit_free(t) do { ; } while (0) |