[PATCH] add filtering by ppid
Al Viro [Sat, 6 May 2006 12:26:27 +0000 (08:26 -0400)]
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

include/linux/audit.h
kernel/auditsc.c

index 1057e90..8f6424f 100644 (file)
 #define AUDIT_SE_TYPE  15      /* security label type */
 #define AUDIT_SE_SEN   16      /* security label sensitivity label */
 #define AUDIT_SE_CLR   17      /* security label clearance label */
+#define AUDIT_PPID     18
 
                                /* These are ONLY useful when checking
                                 * at syscall exit time (AUDIT_AT_EXIT). */
index 4fc3867..e455165 100644 (file)
@@ -188,6 +188,10 @@ static int audit_filter_rules(struct task_struct *tsk,
                case AUDIT_PID:
                        result = audit_comparator(tsk->pid, f->op, f->val);
                        break;
+               case AUDIT_PPID:
+                       if (ctx)
+                               result = audit_comparator(ctx->ppid, f->op, f->val);
+                       break;
                case AUDIT_UID:
                        result = audit_comparator(tsk->uid, f->op, f->val);
                        break;