]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 841770e) | patch
audit: allow interfield comparison in audit rules
authorEric Paris <eparis@redhat.com>
Tue, 3 Jan 2012 19:23:08 +0000 (14:23 -0500)
committerAl Viro <viro@zeniv.linux.org.uk>
Tue, 17 Jan 2012 21:17:01 +0000 (16:17 -0500)
commit142d9f393fb814747f4540b7e84285984f4e35d6
tree3ef085bd96cc79733cff28993379dbbd4b855813tree | snapshot
parent841770e13d2df3b72ab498bf54cc45dab8c13b0bcommit | diff
audit: allow interfield comparison in audit rules

We wish to be able to audit when a uid=500 task accesses a file which is
uid=0.  Or vice versa.  This patch introduces a new audit filter type
AUDIT_FIELD_COMPARE which takes as an 'enum' which indicates which fields
should be compared.  At this point we only define the task->uid vs
inode->uid, but other comparisons can be added.

Signed-off-by: Eric Paris <eparis@redhat.com>
include/linux/audit.h diff | blob | history
kernel/auditfilter.c diff | blob | history
kernel/auditsc.c diff | blob | history
Linux Kernel Source Tree.