[PATCH] deprecate AUDIT_POSSBILE
Al Viro [Tue, 23 May 2006 05:36:13 +0000 (01:36 -0400)]
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

kernel/auditfilter.c
kernel/auditsc.c

index b3fccd6..df9503d 100644 (file)
@@ -128,8 +128,11 @@ static inline struct audit_entry *audit_to_entry_common(struct audit_rule *rule)
 #endif
                ;
        }
-       if (rule->action != AUDIT_NEVER && rule->action != AUDIT_POSSIBLE &&
-           rule->action != AUDIT_ALWAYS)
+       if (unlikely(rule->action == AUDIT_POSSIBLE)) {
+               printk(KERN_ERR "AUDIT_POSSIBLE is deprecated\n");
+               goto exit_err;
+       }
+       if (rule->action != AUDIT_NEVER && rule->action != AUDIT_ALWAYS)
                goto exit_err;
        if (rule->field_count > AUDIT_MAX_FIELDS)
                goto exit_err;
@@ -734,7 +737,6 @@ static int audit_filter_user_rules(struct netlink_skb_parms *cb,
        }
        switch (rule->action) {
        case AUDIT_NEVER:    *state = AUDIT_DISABLED;       break;
-       case AUDIT_POSSIBLE: *state = AUDIT_BUILD_CONTEXT;  break;
        case AUDIT_ALWAYS:   *state = AUDIT_RECORD_CONTEXT; break;
        }
        return 1;
index 05d31ee..4503c46 100644 (file)
@@ -307,7 +307,6 @@ static int audit_filter_rules(struct task_struct *tsk,
        }
        switch (rule->action) {
        case AUDIT_NEVER:    *state = AUDIT_DISABLED;       break;
-       case AUDIT_POSSIBLE: *state = AUDIT_BUILD_CONTEXT;  break;
        case AUDIT_ALWAYS:   *state = AUDIT_RECORD_CONTEXT; break;
        }
        return 1;