diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2007-07-22 08:04:18 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2007-10-21 02:37:45 -0400 |
| commit | 74c3cbe33bc077ac1159cadfea608b501e100344 (patch) | |
| tree | 4c4023caa4e15d19780255fa5880df3d36eb292c /include | |
| parent | 455434d450a358ac5bcf3fc58f8913d13c544622 (diff) | |
[PATCH] audit: watching subtrees
New kind of audit rule predicates: "object is visible in given subtree".
The part that can be sanely implemented, that is. Limitations:
* if you have hardlink from outside of tree, you'd better watch
it too (or just watch the object itself, obviously)
* if you mount something under a watched tree, tell audit
that new chunk should be added to watched subtrees
* if you umount something in a watched tree and it's still mounted
elsewhere, you will get matches on events happening there. New command
tells audit to recalculate the trees, trimming such sources of false
positives.
Note that it's _not_ about path - if something mounted in several places
(multiple mount, bindings, different namespaces, etc.), the match does
_not_ depend on which one we are using for access.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/audit.h | 3 | ||||
| -rw-r--r-- | include/linux/dcache.h | 1 |
2 files changed, 4 insertions, 0 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index 133b81be60a3..c68781692838 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
| @@ -63,6 +63,8 @@ | |||
| 63 | #define AUDIT_ADD_RULE 1011 /* Add syscall filtering rule */ | 63 | #define AUDIT_ADD_RULE 1011 /* Add syscall filtering rule */ |
| 64 | #define AUDIT_DEL_RULE 1012 /* Delete syscall filtering rule */ | 64 | #define AUDIT_DEL_RULE 1012 /* Delete syscall filtering rule */ |
| 65 | #define AUDIT_LIST_RULES 1013 /* List syscall filtering rules */ | 65 | #define AUDIT_LIST_RULES 1013 /* List syscall filtering rules */ |
| 66 | #define AUDIT_TRIM 1014 /* Trim junk from watched tree */ | ||
| 67 | #define AUDIT_MAKE_EQUIV 1015 /* Append to watched tree */ | ||
| 66 | #define AUDIT_TTY_GET 1016 /* Get TTY auditing status */ | 68 | #define AUDIT_TTY_GET 1016 /* Get TTY auditing status */ |
| 67 | #define AUDIT_TTY_SET 1017 /* Set TTY auditing status */ | 69 | #define AUDIT_TTY_SET 1017 /* Set TTY auditing status */ |
| 68 | 70 | ||
| @@ -203,6 +205,7 @@ | |||
| 203 | #define AUDIT_SUCCESS 104 /* exit >= 0; value ignored */ | 205 | #define AUDIT_SUCCESS 104 /* exit >= 0; value ignored */ |
| 204 | #define AUDIT_WATCH 105 | 206 | #define AUDIT_WATCH 105 |
| 205 | #define AUDIT_PERM 106 | 207 | #define AUDIT_PERM 106 |
| 208 | #define AUDIT_DIR 107 | ||
| 206 | 209 | ||
| 207 | #define AUDIT_ARG0 200 | 210 | #define AUDIT_ARG0 200 |
| 208 | #define AUDIT_ARG1 (AUDIT_ARG0+1) | 211 | #define AUDIT_ARG1 (AUDIT_ARG0+1) |
diff --git a/include/linux/dcache.h b/include/linux/dcache.h index aab53df4fafa..c2c153f97e8f 100644 --- a/include/linux/dcache.h +++ b/include/linux/dcache.h | |||
| @@ -178,6 +178,7 @@ d_iput: no no no yes | |||
| 178 | #define DCACHE_INOTIFY_PARENT_WATCHED 0x0020 /* Parent inode is watched */ | 178 | #define DCACHE_INOTIFY_PARENT_WATCHED 0x0020 /* Parent inode is watched */ |
| 179 | 179 | ||
| 180 | extern spinlock_t dcache_lock; | 180 | extern spinlock_t dcache_lock; |
| 181 | extern seqlock_t rename_lock; | ||
| 181 | 182 | ||
| 182 | /** | 183 | /** |
| 183 | * d_drop - drop a dentry | 184 | * d_drop - drop a dentry |