Check for existence of exe rule. --- kernel/audit_tree.c | 2 +- kernel/audit_watch.c | 2 +- kernel/auditfilter.c | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c index 135944a..b4bf5d2 100644 --- a/kernel/audit_tree.c +++ b/kernel/audit_tree.c @@ -632,7 +632,7 @@ int audit_make_tree(struct audit_krule *rule, char *pathname, u32 op) if (pathname[0] != '/' || rule->listnr != AUDIT_FILTER_EXIT || op != Audit_equal || - rule->inode_f || rule->watch || rule->tree) + rule->inode_f || rule->watch || rule->exe || rule->tree) return -EINVAL; rule->tree = alloc_tree(pathname); if (!rule->tree) diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c index 70b4554..1169de3 100644 --- a/kernel/audit_watch.c +++ b/kernel/audit_watch.c @@ -196,7 +196,7 @@ int audit_to_watch(struct audit_krule *krule, char *path, int len, u32 op) if (path[0] != '/' || path[len-1] == '/' || krule->listnr != AUDIT_FILTER_EXIT || op != Audit_equal || - krule->inode_f || krule->watch || krule->tree) + krule->inode_f || krule->watch || krule->exe || krule->tree) return -EINVAL; watch = audit_init_watch(path); diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index cae8eae..eede673 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -148,7 +148,7 @@ static inline int audit_to_inode(struct audit_krule *krule, struct audit_field *f) { if (krule->listnr != AUDIT_FILTER_EXIT || - krule->inode_f || krule->watch || krule->tree || + krule->inode_f || krule->watch || krule->exe || krule->tree || (f->op != Audit_equal && f->op != Audit_not_equal)) return -EINVAL; @@ -1423,7 +1423,7 @@ static int update_lsm_rule(struct audit_krule *r) list_del_rcu(&entry->list); list_del(&r->list); } else { - if (r->watch || r->tree) + if (r->watch || r->exe || r->tree) list_replace_init(&r->rlist, &nentry->rule.rlist); list_replace_rcu(&entry->list, &nentry->list); list_replace(&r->list, &nentry->rule.list); -- 1.7.1 -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit