git.openpandora.org / pandora-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 29ef73b) | patch
audit: allow interfield comparison in audit rules
authorEric Paris <eparis@redhat.com>
Tue, 3 Jan 2012 19:23:08 +0000 (14:23 -0500)
committerAl Viro <viro@zeniv.linux.org.uk>
Tue, 17 Jan 2012 21:17:01 +0000 (16:17 -0500)
commit02d86a568c6d2d335256864451ac8ce781bc5652
tree3ef085bd96cc79733cff28993379dbbd4b855813tree | snapshot
parent29ef73b7a823b77a7cd0bdd7d7cded3fb6c2587bcommit | diff
audit: allow interfield comparison in audit rules

We wish to be able to audit when a uid=500 task accesses a file which is
uid=0.  Or vice versa.  This patch introduces a new audit filter type
AUDIT_FIELD_COMPARE which takes as an 'enum' which indicates which fields
should be compared.  At this point we only define the task->uid vs
inode->uid, but other comparisons can be added.

Signed-off-by: Eric Paris <eparis@redhat.com>
include/linux/audit.h diff | blob | history
kernel/auditfilter.c diff | blob | history
kernel/auditsc.c diff | blob | history
Pandora Kernel Repository