diff options
| author | Amy Griffis <amy.griffis@hp.com> | 2006-09-07 17:46:18 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2006-09-11 13:32:17 -0400 |
| commit | 5974501e2d44546748e67c635cec20ba66619a3d (patch) | |
| tree | f36ef74c1192b73d25a84f9c09ddb844a0d59cc6 /kernel | |
| parent | 8ef2d3040e5cf38f7d64a408038f576b4a5ec987 (diff) | |
[PATCH] update audit rule change messages
Make the audit message for implicit rule removal more informative.
Make the rule update message consistent with other messages.
Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/auditfilter.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 0d6a8fc21f17..e4cafc11c510 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
| @@ -914,7 +914,7 @@ static void audit_update_watch(struct audit_parent *parent, | |||
| 914 | } | 914 | } |
| 915 | 915 | ||
| 916 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); | 916 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); |
| 917 | audit_log_format(ab, "audit updated rules specifying watch="); | 917 | audit_log_format(ab, "audit updated rules specifying path="); |
| 918 | audit_log_untrustedstring(ab, owatch->path); | 918 | audit_log_untrustedstring(ab, owatch->path); |
| 919 | audit_log_format(ab, " with dev=%u ino=%lu\n", dev, ino); | 919 | audit_log_format(ab, " with dev=%u ino=%lu\n", dev, ino); |
| 920 | audit_log_end(ab); | 920 | audit_log_end(ab); |
| @@ -937,19 +937,28 @@ static void audit_remove_parent_watches(struct audit_parent *parent) | |||
| 937 | struct audit_watch *w, *nextw; | 937 | struct audit_watch *w, *nextw; |
| 938 | struct audit_krule *r, *nextr; | 938 | struct audit_krule *r, *nextr; |
| 939 | struct audit_entry *e; | 939 | struct audit_entry *e; |
| 940 | struct audit_buffer *ab; | ||
| 940 | 941 | ||
| 941 | mutex_lock(&audit_filter_mutex); | 942 | mutex_lock(&audit_filter_mutex); |
| 942 | parent->flags |= AUDIT_PARENT_INVALID; | 943 | parent->flags |= AUDIT_PARENT_INVALID; |
| 943 | list_for_each_entry_safe(w, nextw, &parent->watches, wlist) { | 944 | list_for_each_entry_safe(w, nextw, &parent->watches, wlist) { |
| 944 | list_for_each_entry_safe(r, nextr, &w->rules, rlist) { | 945 | list_for_each_entry_safe(r, nextr, &w->rules, rlist) { |
| 945 | e = container_of(r, struct audit_entry, rule); | 946 | e = container_of(r, struct audit_entry, rule); |
| 947 | |||
| 948 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); | ||
| 949 | audit_log_format(ab, "audit implicitly removed rule path="); | ||
| 950 | audit_log_untrustedstring(ab, w->path); | ||
| 951 | if (r->filterkey) { | ||
| 952 | audit_log_format(ab, " key="); | ||
| 953 | audit_log_untrustedstring(ab, r->filterkey); | ||
| 954 | } else | ||
| 955 | audit_log_format(ab, " key=(null)"); | ||
| 956 | audit_log_format(ab, " list=%d", r->listnr); | ||
| 957 | audit_log_end(ab); | ||
| 958 | |||
| 946 | list_del(&r->rlist); | 959 | list_del(&r->rlist); |
| 947 | list_del_rcu(&e->list); | 960 | list_del_rcu(&e->list); |
| 948 | call_rcu(&e->rcu, audit_free_rule_rcu); | 961 | call_rcu(&e->rcu, audit_free_rule_rcu); |
| 949 | |||
| 950 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
| 951 | "audit implicitly removed rule from list=%d\n", | ||
| 952 | AUDIT_FILTER_EXIT); | ||
| 953 | } | 962 | } |
| 954 | audit_remove_watch(w); | 963 | audit_remove_watch(w); |
| 955 | } | 964 | } |