[PATCH] add/remove rule update
Steve Grubb [Mon, 9 Jan 2006 14:48:17 +0000 (09:48 -0500)]
Hi,

The following patch adds a little more information to the add/remove rule message emitted
by the kernel.

Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

include/linux/audit.h
kernel/auditfilter.c

index 8a3b981..d760430 100644 (file)
@@ -240,7 +240,7 @@ struct audit_rule_data {
        __u32           flags;  /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */
        __u32           action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */
        __u32           field_count;
-       __u32           mask[AUDIT_BITMASK_SIZE];
+       __u32           mask[AUDIT_BITMASK_SIZE]; /* syscall(s) affected */
        __u32           fields[AUDIT_MAX_FIELDS];
        __u32           values[AUDIT_MAX_FIELDS];
        __u32           fieldflags[AUDIT_MAX_FIELDS];
index 686d514..35f8fa8 100644 (file)
@@ -487,10 +487,11 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
 
                err = audit_add_rule(entry,
                                     &audit_filter_list[entry->rule.listnr]);
-               if (!err)
-                       audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
-                                 "auid=%u added an audit rule\n", loginuid);
-               else
+               audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                       "auid=%u add rule to list=%d res=%d\n",
+                       loginuid, entry->rule.listnr, !err);
+
+               if (err)
                        audit_free_rule(entry);
                break;
        case AUDIT_DEL:
@@ -504,9 +505,10 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
 
                err = audit_del_rule(entry,
                                     &audit_filter_list[entry->rule.listnr]);
-               if (!err)
-                       audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
-                                 "auid=%u removed an audit rule\n", loginuid);
+               audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                       "auid=%u remove rule from list=%d res=%d\n",
+                       loginuid, entry->rule.listnr, !err);
+
                audit_free_rule(entry);
                break;
        default: