2 files changed, 10 insertions, 8 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 8a3b98175c25..d760430c8de3 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -240,7 +240,7 @@ struct audit_rule_data {
        __u32           flags;  /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */
        __u32           action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */
        __u32           field_count;
-        __u32           mask[AUDIT_BITMASK_SIZE];
+        __u32           mask[AUDIT_BITMASK_SIZE]; /* syscall(s) affected */
        __u32           fields[AUDIT_MAX_FIELDS];
        __u32           values[AUDIT_MAX_FIELDS];
        __u32           fieldflags[AUDIT_MAX_FIELDS];
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 686d514a3518..35f8fa82bb8b 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -487,10 +487,11 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
                err = audit_add_rule(entry,
                                     &audit_filter_list[entry->rule.listnr]);
-                if (!err)
+                audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
-                        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                        "auid=%u add rule to list=%d res=%d\n",
-                                  "auid=%u added an audit rule\n", loginuid);
+                        loginuid, entry->rule.listnr, !err);
-                else
+                if (err)
                        audit_free_rule(entry);
                break;
        case AUDIT_DEL:
@@ -504,9 +505,10 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
                err = audit_del_rule(entry,
                                     &audit_filter_list[entry->rule.listnr]);
-                if (!err)
+                audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
-                        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                        "auid=%u remove rule from list=%d res=%d\n",
-                                  "auid=%u removed an audit rule\n", loginuid);
+                        loginuid, entry->rule.listnr, !err);
                audit_free_rule(entry);
                break;
        default:

diff --git a/include/linux/audit.h b/include/linux/audit.h index 8a3b98175c25..d760430c8de3 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h
@@ -240,7 +240,7 @@ struct audit_rule_data {
240	__u32 flags; /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */	240	__u32 flags; /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */
241	__u32 action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */	241	__u32 action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */
242	__u32 field_count;	242	__u32 field_count;
243	__u32 mask[AUDIT_BITMASK_SIZE];	243	__u32 mask[AUDIT_BITMASK_SIZE]; /* syscall(s) affected */
244	__u32 fields[AUDIT_MAX_FIELDS];	244	__u32 fields[AUDIT_MAX_FIELDS];
245	__u32 values[AUDIT_MAX_FIELDS];	245	__u32 values[AUDIT_MAX_FIELDS];
246	__u32 fieldflags[AUDIT_MAX_FIELDS];	246	__u32 fieldflags[AUDIT_MAX_FIELDS];


diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 686d514a3518..35f8fa82bb8b 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c
@@ -487,10 +487,11 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
487		487
488	err = audit_add_rule(entry,	488	err = audit_add_rule(entry,
489	&audit_filter_list[entry->rule.listnr]);	489	&audit_filter_list[entry->rule.listnr]);
490	if (!err)	490	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
491	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,	491	"auid=%u add rule to list=%d res=%d\n",
492	"auid=%u added an audit rule\n", loginuid);	492	loginuid, entry->rule.listnr, !err);
493	else	493
		494	if (err)
494	audit_free_rule(entry);	495	audit_free_rule(entry);
495	break;	496	break;
496	case AUDIT_DEL:	497	case AUDIT_DEL:
@@ -504,9 +505,10 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
504		505
505	err = audit_del_rule(entry,	506	err = audit_del_rule(entry,
506	&audit_filter_list[entry->rule.listnr]);	507	&audit_filter_list[entry->rule.listnr]);
507	if (!err)	508	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
508	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,	509	"auid=%u remove rule from list=%d res=%d\n",
509	"auid=%u removed an audit rule\n", loginuid);	510	loginuid, entry->rule.listnr, !err);
		511
510	audit_free_rule(entry);	512	audit_free_rule(entry);
511	break;	513	break;
512	default:	514	default: