diff options
author | Eric Paris <eparis@redhat.com> | 2012-01-03 14:23:07 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2012-01-17 16:16:58 -0500 |
commit | 7ff68e53ece8c175d2951bb8a30b3cce8f9c5579 (patch) | |
tree | cde525e879e2e2434b0e3b23248588f015f5df04 /kernel | |
parent | a4ff8dba7d8ce5ceb43fb27df66292251cc73bdc (diff) |
audit: reject entry,always rules
We deprecated entry,always rules a long time ago. Reject those rules as
invalid.
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/auditfilter.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index d94dde82c3c..903caa269b5 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -235,13 +235,15 @@ static inline struct audit_entry *audit_to_entry_common(struct audit_rule *rule) switch(listnr) { default: goto exit_err; - case AUDIT_FILTER_USER: - case AUDIT_FILTER_TYPE: #ifdef CONFIG_AUDITSYSCALL case AUDIT_FILTER_ENTRY: + if (rule->action == AUDIT_ALWAYS) + goto exit_err; case AUDIT_FILTER_EXIT: case AUDIT_FILTER_TASK: #endif + case AUDIT_FILTER_USER: + case AUDIT_FILTER_TYPE: ; } if (unlikely(rule->action == AUDIT_POSSIBLE)) { |