diff options
| -rw-r--r-- | kernel/auditfilter.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 1a58a81fb09d..4f40d923af8e 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
| @@ -411,7 +411,6 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule) | |||
| 411 | case AUDIT_FSGID: | 411 | case AUDIT_FSGID: |
| 412 | case AUDIT_LOGINUID: | 412 | case AUDIT_LOGINUID: |
| 413 | case AUDIT_PERS: | 413 | case AUDIT_PERS: |
| 414 | case AUDIT_ARCH: | ||
| 415 | case AUDIT_MSGTYPE: | 414 | case AUDIT_MSGTYPE: |
| 416 | case AUDIT_PPID: | 415 | case AUDIT_PPID: |
| 417 | case AUDIT_DEVMAJOR: | 416 | case AUDIT_DEVMAJOR: |
| @@ -423,6 +422,14 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule) | |||
| 423 | case AUDIT_ARG2: | 422 | case AUDIT_ARG2: |
| 424 | case AUDIT_ARG3: | 423 | case AUDIT_ARG3: |
| 425 | break; | 424 | break; |
| 425 | /* arch is only allowed to be = or != */ | ||
| 426 | case AUDIT_ARCH: | ||
| 427 | if ((f->op != AUDIT_NOT_EQUAL) && (f->op != AUDIT_EQUAL) | ||
| 428 | && (f->op != AUDIT_NEGATE) && (f->op)) { | ||
| 429 | err = -EINVAL; | ||
| 430 | goto exit_free; | ||
| 431 | } | ||
| 432 | break; | ||
| 426 | case AUDIT_PERM: | 433 | case AUDIT_PERM: |
| 427 | if (f->val & ~15) | 434 | if (f->val & ~15) |
| 428 | goto exit_free; | 435 | goto exit_free; |