The commit ("audit: add filtering for io_uring records") added support for filtering io_uring operations. The PERM field is invalid for io_uring filtering, so block it.
Signed-off-by: Richard Guy Briggs <r...@redhat.com> --- kernel/auditfilter.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index bcdedfd1088c..d75acb014ccd 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -336,6 +336,10 @@ static int audit_field_valid(struct audit_entry *entry, struct audit_field *f) if (entry->rule.listnr != AUDIT_FILTER_FS) return -EINVAL; break; + case AUDIT_PERM: + if (entry->rule.listnr == AUDIT_FILTER_URING_EXIT) + return -EINVAL; + break; } switch (entry->rule.listnr) { -- 2.27.0
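Review bot: the new `case AUDIT_PERM:` branch in audit_field_valid() rejects the field for `AUDIT_FILTER_URING_EXIT` without recording why, and the commit message only asserts that PERM "is invalid" for io_uring filtering. A one-line comment above the `if (entry->rule.listnr == AUDIT_FILTER_URING_EXIT)` check giving the reason would stop a later cleanup from removing it as an arbitrary restriction. The commit message also cites the earlier change by subject only, so adding a `Fixes:` tag with that commit's hash would let stable and distro trees pick this up together with the io_uring filtering change. Since a rule that combines PERM with the uring exit list now fails with -EINVAL at load time, it is worth stating in the message whether userspace is expected to see that error or already refuses such rules.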