This is a continuation of Peter Moody's, my and Eric Paris' work to implement audit by executable name.

Some of these are obvious. Some demonstrate my lack of understanding of the problem and of the services of fs/notify because they put needless restrictions due to the orthogonal nature of the features involved or attempt to solve problems that don't exist. Posting this now to clarify some of that and move on...

Eric Paris (3):
  audit: implement audit by executable
  audit: clean simple fsnotify implementation
  audit: convert audit_exe to audit_fsnotify

Richard Guy Briggs (11):
  fixup! audit: convert audit_exe to audit_fsnotify
  fixup! audit: clean simple fsnotify implementation
  audit: avoid double copying the audit_exe path string
  fixup! audit: convert audit_exe to audit_fsnotify
  fixup! audit: clean simple fsnotify implementation
  audit: put rule existence check in canonical order
  fixup! audit: implement audit by executable
  fixup! audit: implement audit by executable
  fixup! audit: clean simple fsnotify implementation
  audit: continue fleshing out audit by exe
  audit: enable audit_get/put_mark()

 include/linux/audit.h      |   2 +
 include/uapi/linux/audit.h |   2 +
 kernel/Makefile            |   2 +-
 kernel/audit.h             |  42 +++++++
 kernel/audit_exe.c         |  50 +++++++++
 kernel/audit_fsnotify.c    | 257 ++++++++++++++++++++++++++++++++++++++++++++
 kernel/audit_tree.c        |   2 +-
 kernel/audit_watch.c       |   2 +-
 kernel/auditfilter.c       |  74 ++++++++++++-
 kernel/auditsc.c           |  16 +++
 10 files changed, 442 insertions(+), 7 deletions(-)
 create mode 100644 kernel/audit_exe.c
 create mode 100644 kernel/audit_fsnotify.c