filter by ppid
Alexander Viro
aviro at redhat.com
Sat May 6 12:46:19 UTC 2006
Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
---
include/linux/audit.h | 1 +
kernel/auditsc.c | 4 ++++
2 files changed, 5 insertions(+), 0 deletions(-)
5577dff75cbaab5635a5c8127a7f8fb2a9727baf
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 103ed6d..b32d91b 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -152,6 +152,7 @@
#define AUDIT_SE_TYPE 15 /* security label type */
#define AUDIT_SE_SEN 16 /* security label sensitivity label */
#define AUDIT_SE_CLR 17 /* security label clearance label */
+#define AUDIT_PPID 18
/* These are ONLY useful when checking
* at syscall exit time (AUDIT_AT_EXIT). */
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 4fc3867..e455165 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -188,6 +188,10 @@ static int audit_filter_rules(struct tas
case AUDIT_PID:
result = audit_comparator(tsk->pid, f->op, f->val);
break;
+ case AUDIT_PPID:
+ if (ctx)
+ result = audit_comparator(ctx->ppid, f->op, f->val);
+ break;
case AUDIT_UID:
result = audit_comparator(tsk->uid, f->op, f->val);
break;
--
0.99.9.GIT
More information about the Linux-audit
mailing list