[PATCH] add/remove rule update

Hi,

The following patch adds a little more information to the add/remove rule message emitted
by the kernel.

Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

diff --git a/include/linux/audit.h b/include/linux/audit.h
index 8a3b98175c25b3e16f4e0a79156b37fb45e76c42..d760430c8de3d0288e612ff9b27884057d6f6cd6 100644 (file)
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -240,7 +240,7 @@ struct audit_rule_data {
        __u32           flags;  /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */
        __u32           action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */
        __u32           field_count;
-       __u32           mask[AUDIT_BITMASK_SIZE];
+       __u32           mask[AUDIT_BITMASK_SIZE]; /* syscall(s) affected */
        __u32           fields[AUDIT_MAX_FIELDS];
        __u32           values[AUDIT_MAX_FIELDS];
        __u32           fieldflags[AUDIT_MAX_FIELDS];

diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 686d514a3518c28023985bed8b19b4c6e696dee1..35f8fa82bb8bee1c47ffcb0d6a8faadc698e13c5 100644 (file)
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -487,10 +487,11 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
 
                err = audit_add_rule(entry,
                                     &audit_filter_list[entry->rule.listnr]);
-               if (!err)
-                       audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
-                                 "auid=%u added an audit rule\n", loginuid);
-               else
+               audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                       "auid=%u add rule to list=%d res=%d\n",
+                       loginuid, entry->rule.listnr, !err);
+
+               if (err)
                        audit_free_rule(entry);
                break;
        case AUDIT_DEL:
@@ -504,9 +505,10 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
 
                err = audit_del_rule(entry,
                                     &audit_filter_list[entry->rule.listnr]);
-               if (!err)
-                       audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
-                                 "auid=%u removed an audit rule\n", loginuid);
+               audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                       "auid=%u remove rule from list=%d res=%d\n",
+                       loginuid, entry->rule.listnr, !err);
+
                audit_free_rule(entry);
                break;
        default: