diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2008-12-14 23:45:27 -0500 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2009-01-04 15:14:41 -0500 |
| commit | 0590b9335a1c72a3f0defcc6231287f7817e07c8 (patch) | |
| tree | 289fa4668ae304f79f7484ac31b2cab0ab8894c1 /kernel/audit.h | |
| parent | 1a9d0797b8977d413435277bf9661efbbd584693 (diff) | |
fixing audit rule ordering mess, part 1
Problem: ordering between the rules on exit chain is currently lost;
all watch and inode rules are listed after everything else _and_
exit,never on one kind doesn't stop exit,always on another from
being matched.
Solution: assign priorities to rules, keep track of the current
highest-priority matching rule and its result (always/never).
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel/audit.h')
| -rw-r--r-- | kernel/audit.h | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/kernel/audit.h b/kernel/audit.h index 9d6717412fec..16f18cac661b 100644 --- a/kernel/audit.h +++ b/kernel/audit.h | |||
| @@ -159,11 +159,8 @@ static inline int audit_signal_info(int sig, struct task_struct *t) | |||
| 159 | return __audit_signal_info(sig, t); | 159 | return __audit_signal_info(sig, t); |
| 160 | return 0; | 160 | return 0; |
| 161 | } | 161 | } |
| 162 | extern enum audit_state audit_filter_inodes(struct task_struct *, | 162 | extern void audit_filter_inodes(struct task_struct *, struct audit_context *); |
| 163 | struct audit_context *); | ||
| 164 | extern void audit_set_auditable(struct audit_context *); | ||
| 165 | #else | 163 | #else |
| 166 | #define audit_signal_info(s,t) AUDIT_DISABLED | 164 | #define audit_signal_info(s,t) AUDIT_DISABLED |
| 167 | #define audit_filter_inodes(t,c) AUDIT_DISABLED | 165 | #define audit_filter_inodes(t,c) AUDIT_DISABLED |
| 168 | #define audit_set_auditable(c) | ||
| 169 | #endif | 166 | #endif |