Commit 724e4fcc8d80c63c7e56873b41987533db2a04c2
Committed by
Eric Paris
Eric Paris
1 parent
6dd80aba90
Exists in
master
and in
16 other branches
audit: log on errors from filter user rules
An error on an AUDIT_NEVER rule disabled logging on that rule. On error on AUDIT_NEVER rules, log. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
Showing 2 changed files with 8 additions and 5 deletions Side-by-side Diff
kernel/audit.c
kernel/auditfilter.c
| ... | ... | @@ -1290,19 +1290,22 @@ |
| 1290 | 1290 | { |
| 1291 | 1291 | enum audit_state state = AUDIT_DISABLED; |
| 1292 | 1292 | struct audit_entry *e; |
| 1293 | - int ret = 1; | |
| 1293 | + int rc, ret; | |
| 1294 | 1294 | |
| 1295 | + ret = 1; /* Audit by default */ | |
| 1296 | + | |
| 1295 | 1297 | rcu_read_lock(); |
| 1296 | 1298 | list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) { |
| 1297 | - if (audit_filter_user_rules(&e->rule, type, &state)) { | |
| 1298 | - if (state == AUDIT_DISABLED) | |
| 1299 | + rc = audit_filter_user_rules(&e->rule, type, &state); | |
| 1300 | + if (rc) { | |
| 1301 | + if (rc > 0 && state == AUDIT_DISABLED) | |
| 1299 | 1302 | ret = 0; |
| 1300 | 1303 | break; |
| 1301 | 1304 | } |
| 1302 | 1305 | } |
| 1303 | 1306 | rcu_read_unlock(); |
| 1304 | 1307 | |
| 1305 | - return ret; /* Audit by default */ | |
| 1308 | + return ret; | |
| 1306 | 1309 | } |
| 1307 | 1310 | |
| 1308 | 1311 | int audit_filter_type(int type) |
