audit: log on errors from filter user rules
An error on an AUDIT_NEVER rule disabled logging on that rule. On error on AUDIT_NEVER rules, log. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
parent
6dd80aba90
commit
724e4fcc8d
|
@ -869,7 +869,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
err = audit_filter_user(msg_type);
|
err = audit_filter_user(msg_type);
|
||||||
if (err == 1) {
|
if (err == 1) { /* match or error */
|
||||||
err = 0;
|
err = 0;
|
||||||
if (msg_type == AUDIT_USER_TTY) {
|
if (msg_type == AUDIT_USER_TTY) {
|
||||||
err = tty_audit_push_current();
|
err = tty_audit_push_current();
|
||||||
|
|
|
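Review bot: The new comment `/* match or error */` on the `if (err == 1)` test does not cover every case that reaches it. audit_filter_user starts from `ret = 1` ("Audit by default"), so 1 also comes back when no rule matches at all, while a match whose state is AUDIT_DISABLED returns 0. A wording such as `/* audit: no rule suppressed it, or a rule failed */` would describe the branch accurately. audit_receive_msg begins and ends outside this hunk.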
@ -1290,19 +1290,22 @@ int audit_filter_user(int type)
|
||||||
{
|
{
|
||||||
enum audit_state state = AUDIT_DISABLED;
|
enum audit_state state = AUDIT_DISABLED;
|
||||||
struct audit_entry *e;
|
struct audit_entry *e;
|
||||||
int ret = 1;
|
int rc, ret;
|
||||||
|
|
||||||
|
ret = 1; /* Audit by default */
|
||||||
|
|
||||||
rcu_read_lock();
|
rcu_read_lock();
|
||||||
list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) {
|
list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) {
|
||||||
if (audit_filter_user_rules(&e->rule, type, &state)) {
|
rc = audit_filter_user_rules(&e->rule, type, &state);
|
||||||
if (state == AUDIT_DISABLED)
|
if (rc) {
|
||||||
|
if (rc > 0 && state == AUDIT_DISABLED)
|
||||||
ret = 0;
|
ret = 0;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
rcu_read_unlock();
|
rcu_read_unlock();
|
||||||
|
|
||||||
return ret; /* Audit by default */
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int audit_filter_type(int type)
|
int audit_filter_type(int type)
|
||||||
|
|
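Review bot: The error path in audit_filter_user is silent and undocumented: when `rc` is negative the loop breaks with `ret` still 1, so the record is logged, but the error value is discarded and every later rule in the AUDIT_FILTER_USER list is skipped for this message. That fail-open-to-logging choice matches the commit message, yet it is only implicit in `rc > 0 &&`; a comment above that test such as `/* rc < 0: rule evaluation failed; keep ret == 1 so a broken rule can never suppress a record */` would make it explicit. The function would also benefit from a header comment stating the return contract (1 = emit the record: no match, a match whose state is not AUDIT_DISABLED, or an error; 0 = a matching rule disabled auditing). Because nothing reports the failure, a persistently failing rule stays invisible to the administrator, so consider whether a rate-limited warning belongs on that branch.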