diff options
| author | Eric Paris <eparis@redhat.com> | 2012-01-03 14:23:07 -0500 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2012-01-17 16:16:59 -0500 |
| commit | 54d3218b31aee5bc9c859ae60fbde933d922448b (patch) | |
| tree | ebc383920713c283133d885191d0c19cb049afd2 | |
| parent | efaffd6e4417860c67576ac760dd6e8bbd15f006 (diff) | |
audit: allow audit matching on inode gid
Much like the ability to filter audit on the uid of an inode collected, we
should be able to filter on the gid of the inode.
Signed-off-by: Eric Paris <eparis@redhat.com>
| -rw-r--r-- | include/linux/audit.h | 1 | ||||
| -rw-r--r-- | kernel/auditfilter.c | 1 | ||||
| -rw-r--r-- | kernel/auditsc.c | 12 |
3 files changed, 14 insertions, 0 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index 55cb3daaf47..e36aa37c88a 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -224,6 +224,7 @@ #define AUDIT_DIR 107 #define AUDIT_FILETYPE 108 #define AUDIT_OBJ_UID 109 +#define AUDIT_OBJ_GID 110 #define AUDIT_ARG0 200 #define AUDIT_ARG1 (AUDIT_ARG0+1) diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 13e997423dc..f10605c787e 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -462,6 +462,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, case AUDIT_ARG2: case AUDIT_ARG3: case AUDIT_OBJ_UID: + case AUDIT_OBJ_GID: break; case AUDIT_ARCH: entry->rule.arch_f = f; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 5cf3ecc0151..87b375fb12f 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -598,6 +598,18 @@ static int audit_filter_rules(struct task_struct *tsk, } } break; + case AUDIT_OBJ_GID: + if (name) { + result = audit_comparator(name->gid, f->op, f->val); + } else if (ctx) { + list_for_each_entry(n, &ctx->names_list, list) { + if (audit_comparator(n->gid, f->op, f->val)) { + ++result; + break; + } + } + } + break; case AUDIT_WATCH: if (name) result = audit_watch_compare(rule->watch, name->ino, name->dev); |