[PATCH] add/remove rule update

Steve Grubb sgrubb at redhat.com
Mon Jan 9 14:48:17 UTC 2006


Hi,

The following patch adds a little more information to the add/remove rule message emitted 
by the kernel.

Signed-off-by: Steve Grubb <sgrubb at redhat.com>



diff -urp linux-2.6.14.orig/include/linux/audit.h linux-2.6.14/include/linux/audit.h
--- linux-2.6.14.orig/include/linux/audit.h	2006-01-05 10:13:30.000000000 -0500
+++ linux-2.6.14/include/linux/audit.h	2006-01-05 10:12:09.000000000 -0500
@@ -238,7 +238,7 @@ struct audit_rule {		/* for AUDIT_LIST, 
 	__u32		flags;	/* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */
 	__u32		action;	/* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */
 	__u32		field_count;
-	__u32		mask[AUDIT_BITMASK_SIZE];
+	__u32		mask[AUDIT_BITMASK_SIZE]; /* syscall(s) affected */
 	__u32		fields[AUDIT_MAX_FIELDS];
 	__u32		values[AUDIT_MAX_FIELDS];
 };
diff -urp linux-2.6.14.orig/kernel/auditfilter.c linux-2.6.14/kernel/auditfilter.c
--- linux-2.6.14.orig/kernel/auditfilter.c	2006-01-05 10:13:40.000000000 -0500
+++ linux-2.6.14/kernel/auditfilter.c	2006-01-05 10:11:29.000000000 -0500
@@ -243,9 +243,9 @@ int audit_receive_filter(int type, int p
 			;
 		}
 		err = audit_add_rule(data, &audit_filter_list[listnr]);
-		if (!err)
-			audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
-				  "auid=%u added an audit rule\n", loginuid);
+		audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+			  "auid=%u added rule to list=%d res=%d\n",
+			  loginuid, listnr, !err);
 		break;
 	case AUDIT_DEL:
 		listnr =((struct audit_rule *)data)->flags & ~AUDIT_FILTER_PREPEND;
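Review bot: `listnr` is printed with `%d` in the new `list=%d` field, but the line just below assigns it from the `__u32` `flags` member, so it is probably an unsigned variable (its declaration is outside the hunk). If so, the specifier should be `%u`, as in `"auid=%u added rule to list=%u res=%d\n"`, and the same applies to the `removed rule from list=%d` message in the next hunk. Because `res` is `!err`, the record carries only success or failure and drops the errno, so a short comment such as `/* res: 1 = rule added, 0 = audit_add_rule() failed */` would help anyone parsing these records. The body of audit_receive_filter starts and ends outside the hunk.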
@@ -253,9 +253,9 @@ int audit_receive_filter(int type, int p
 			return -EINVAL;
 
 		err = audit_del_rule(data, &audit_filter_list[listnr]);
-		if (!err)
-			audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
-				  "auid=%u removed an audit rule\n", loginuid);
+		audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+			  "auid=%u removed rule from list=%d res=%d\n",
+			  loginuid, listnr, !err);
 		break;
 	default:
 		return -EINVAL;
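Review bot: The `return -EINVAL;` at the top of this hunk exits before the new `audit_log()` call, so a delete request rejected there leaves no AUDIT_CONFIG_CHANGE record, even though this commit now records `audit_del_rule()` failures with `res=0`. The condition guarding that return is outside the hunk, but it appears to be the range check on `listnr`. For a complete trail of attempted rule changes, that path could log before returning, e.g. `audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, "auid=%u removed rule from list=%d res=0\n", loginuid, listnr);`. The AUDIT_ADD case may have equivalent early exits above the lines shown in the previous hunk, and those would need the same treatment. If the omission is intentional, a comment saying that malformed requests are not audited would make that explicit.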



