Switch from AUDIT_FILTER_PATH to AUDIT_FILTER_FS to align with the userspace request to avoid a name collision with the path record and path field option.
Also update the corresponding feature bitmap macros. See: https://github.com/linux-audit/audit-kernel/issues/8 See: https://github.com/linux-audit/audit-userspace/issues/15 Signed-off-by: Richard Guy Briggs <[email protected]> --- include/uapi/linux/audit.h | 6 +++--- kernel/auditfilter.c | 10 +++++----- kernel/auditsc.c | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 0464910..cfaf346 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -155,7 +155,7 @@ #define AUDIT_FILTER_WATCH 0x03 /* Apply rule to file system watches */ #define AUDIT_FILTER_EXIT 0x04 /* Apply rule at syscall exit */ #define AUDIT_FILTER_TYPE 0x05 /* Apply rule at audit_log_start */ -#define AUDIT_FILTER_PATH 0x06 /* Apply rule at __audit_inode_child */ +#define AUDIT_FILTER_FS 0x06 /* Apply rule at __audit_inode_child */ #define AUDIT_NR_FILTERS 7 @@ -336,14 +336,14 @@ enum { #define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH 0x00000004 #define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER 0x00000010 #define AUDIT_FEATURE_BITMAP_LOST_RESET 0x00000020 -#define AUDIT_FEATURE_BITMAP_FILTER_PATH 0x00000040 +#define AUDIT_FEATURE_BITMAP_FILTER_FS 0x00000040 #define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \ AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \ AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \ AUDIT_FEATURE_BITMAP_SESSIONID_FILTER | \ AUDIT_FEATURE_BITMAP_LOST_RESET | \ - AUDIT_FEATURE_BITMAP_FILTER_PATH) + AUDIT_FEATURE_BITMAP_FILTER_FS) /* deprecated: AUDIT_VERSION_* */ #define AUDIT_VERSION_LATEST AUDIT_FEATURE_BITMAP_ALL diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 3e0ccf2..0fe34ce 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -265,7 +265,7 @@ static inline struct audit_entry *audit_to_entry_common(struct audit_rule_data * #endif case AUDIT_FILTER_USER: case AUDIT_FILTER_TYPE: - case AUDIT_FILTER_PATH: + case AUDIT_FILTER_FS: ; } if (unlikely(rule->action == AUDIT_POSSIBLE)) { @@ -342,13 +342,13 @@ static int audit_field_valid(struct audit_entry *entry, struct audit_field *f) return -EINVAL; break; case AUDIT_FSTYPE: - if (entry->rule.listnr != AUDIT_FILTER_PATH) + if (entry->rule.listnr != AUDIT_FILTER_FS) return -EINVAL; break; } switch(entry->rule.listnr) { - case AUDIT_FILTER_PATH: + case AUDIT_FILTER_FS: switch(f->type) { case AUDIT_FSTYPE: case AUDIT_FILTERKEY: @@ -933,7 +933,7 @@ static inline int audit_add_rule(struct audit_entry *entry) switch(entry->rule.listnr) { case AUDIT_FILTER_USER: case AUDIT_FILTER_TYPE: - case AUDIT_FILTER_PATH: + case AUDIT_FILTER_FS: dont_count = 1; } #endif @@ -1015,7 +1015,7 @@ int audit_del_rule(struct audit_entry *entry) switch(entry->rule.listnr) { case AUDIT_FILTER_USER: case AUDIT_FILTER_TYPE: - case AUDIT_FILTER_PATH: + case AUDIT_FILTER_FS: dont_count = 1; } #endif diff --git a/kernel/auditsc.c b/kernel/auditsc.c index a12531f..7f369b2 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1869,7 +1869,7 @@ void __audit_inode_child(struct inode *parent, const char *dname = dentry->d_name.name; struct audit_names *n, *found_parent = NULL, *found_child = NULL; struct audit_entry *e; - struct list_head *list = &audit_filter_list[AUDIT_FILTER_PATH]; + struct list_head *list = &audit_filter_list[AUDIT_FILTER_FS]; int i; if (!context->in_syscall) -- 1.7.1 -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
