diff options
author | Ondrej Mosnáček | 2018-05-30 10:45:24 +0200 |
---|---|---|
committer | Paul Moore | 2018-06-19 15:33:42 +0200 |
commit | 29c1372d6a9b872acf479ba2744e4e7f043981c0 (patch) | |
tree | 05bbfde74456e7b8aaccd618a5c05dd5cc10d02c /kernel/auditsc.c | |
parent | Linux 4.18-rc1 (diff) | |
download | kernel-qcow2-linux-29c1372d6a9b872acf479ba2744e4e7f043981c0.tar.gz kernel-qcow2-linux-29c1372d6a9b872acf479ba2744e4e7f043981c0.tar.xz kernel-qcow2-linux-29c1372d6a9b872acf479ba2744e4e7f043981c0.zip |
audit: allow other filter list types for AUDIT_EXE
This patch removes the restriction of the AUDIT_EXE field to only
SYSCALL filter and teaches audit_filter to recognize this field.
This makes it possible to write rule lists such as:
auditctl -a exit,always [some general rule]
# Filter out events with executable name /bin/exe1 or /bin/exe2:
auditctl -a exclude,always -F exe=/bin/exe1
auditctl -a exclude,always -F exe=/bin/exe2
See: https://github.com/linux-audit/audit-kernel/issues/54
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/auditsc.c')
0 files changed, 0 insertions, 0 deletions