summaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorEric Paris2012-01-03 20:23:07 +0100
committerAl Viro2012-01-17 22:16:59 +0100
commit54d3218b31aee5bc9c859ae60fbde933d922448b (patch)
treeebc383920713c283133d885191d0c19cb049afd2 /kernel
parentaudit: allow matching on obj_uid (diff)
downloadkernel-qcow2-linux-54d3218b31aee5bc9c859ae60fbde933d922448b.tar.gz
kernel-qcow2-linux-54d3218b31aee5bc9c859ae60fbde933d922448b.tar.xz
kernel-qcow2-linux-54d3218b31aee5bc9c859ae60fbde933d922448b.zip
audit: allow audit matching on inode gid
Much like the ability to filter audit on the uid of an inode collected, we should be able to filter on the gid of the inode. Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/auditfilter.c1
-rw-r--r--kernel/auditsc.c12
2 files changed, 13 insertions, 0 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 13e997423dcd..f10605c787e6 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -462,6 +462,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
case AUDIT_ARG2:
case AUDIT_ARG3:
case AUDIT_OBJ_UID:
+ case AUDIT_OBJ_GID:
break;
case AUDIT_ARCH:
entry->rule.arch_f = f;
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 5cf3ecc01517..87b375fb12ff 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -598,6 +598,18 @@ static int audit_filter_rules(struct task_struct *tsk,
}
}
break;
+ case AUDIT_OBJ_GID:
+ if (name) {
+ result = audit_comparator(name->gid, f->op, f->val);
+ } else if (ctx) {
+ list_for_each_entry(n, &ctx->names_list, list) {
+ if (audit_comparator(n->gid, f->op, f->val)) {
+ ++result;
+ break;
+ }
+ }
+ }
+ break;
case AUDIT_WATCH:
if (name)
result = audit_watch_compare(rule->watch, name->ino, name->dev);