Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 724e4fcc authored by Richard Guy Briggs's avatar Richard Guy Briggs Committed by Eric Paris
Browse files

audit: log on errors from filter user rules 



An error on an AUDIT_NEVER rule disabled logging on that rule.
On error on AUDIT_NEVER rules, log.

Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
Signed-off-by: default avatarEric Paris <eparis@redhat.com>
parent 6dd80aba

kernel/audit.c

+1 −1
Original line number Diff line number Diff line
@@ -869,7 +869,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) 
			return 0;



		err = audit_filter_user(msg_type);

		if (err == 1) {

		if (err == 1) { /* match or error */

			err = 0;

			if (msg_type == AUDIT_USER_TTY) {

				err = tty_audit_push_current();

kernel/auditfilter.c

+7 −4
Original line number Diff line number Diff line
@@ -1290,19 +1290,22 @@ int audit_filter_user(int type) 
{

	enum audit_state state = AUDIT_DISABLED;

	struct audit_entry *e;

	int ret = 1;

	int rc, ret;



	ret = 1; /* Audit by default */



	rcu_read_lock();

	list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) {

		if (audit_filter_user_rules(&e->rule, type, &state)) {

			if (state == AUDIT_DISABLED)

		rc = audit_filter_user_rules(&e->rule, type, &state);

		if (rc) {

			if (rc > 0 && state == AUDIT_DISABLED)

				ret = 0;

			break;

		}

	}

	rcu_read_unlock();



	return ret; /* Audit by default */

	return ret;

}



int audit_filter_type(int type)