audit: log on errors from filter user rules

An error on an AUDIT_NEVER rule disabled logging on that rule.
On error on AUDIT_NEVER rules, log.

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
Richard Guy Briggs 2013-11-25 21:57:51 -05:00 committed by Eric Paris
parent 6dd80aba90
commit 724e4fcc8d
2 changed files with 8 additions and 5 deletions

View File

@ -869,7 +869,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
return 0; return 0;
err = audit_filter_user(msg_type); err = audit_filter_user(msg_type);
if (err == 1) { if (err == 1) { /* match or error */
err = 0; err = 0;
if (msg_type == AUDIT_USER_TTY) { if (msg_type == AUDIT_USER_TTY) {
err = tty_audit_push_current(); err = tty_audit_push_current();

View File

@ -1290,19 +1290,22 @@ int audit_filter_user(int type)
{ {
enum audit_state state = AUDIT_DISABLED; enum audit_state state = AUDIT_DISABLED;
struct audit_entry *e; struct audit_entry *e;
int ret = 1; int rc, ret;
ret = 1; /* Audit by default */
rcu_read_lock(); rcu_read_lock();
list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) { list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) {
if (audit_filter_user_rules(&e->rule, type, &state)) { rc = audit_filter_user_rules(&e->rule, type, &state);
if (state == AUDIT_DISABLED) if (rc) {
if (rc > 0 && state == AUDIT_DISABLED)
ret = 0; ret = 0;
break; break;
} }
} }
rcu_read_unlock(); rcu_read_unlock();
return ret; /* Audit by default */ return ret;
} }
int audit_filter_type(int type) int audit_filter_type(int type)