[PATCH 00/14] audit by executable name

Richard Guy Briggs rgb at redhat.com
Wed Jun 18 03:09:35 UTC 2014


This is a continuation of Peter Moody's, my and Eric Paris' work to implement
audit by executable name.

Some of these are obvious.  Some demonstrate my lack of understanding of the
problem and of the services of fs/notify because they put needless restrictions
due to the orthogonal nature of the features involved or attempt to solve
problems that don't exist.  Posting this now to clarify some of that and move
on...

Eric Paris (3):
  audit: implement audit by executable
  audit: clean simple fsnotify implementation
  audit: convert audit_exe to audit_fsnotify

Richard Guy Briggs (11):
  fixup! audit: convert audit_exe to audit_fsnotify
  fixup! audit: clean simple fsnotify implementation
  audit: avoid double copying the audit_exe path string
  fixup! audit: convert audit_exe to audit_fsnotify
  fixup! audit: clean simple fsnotify implementation
  audit: put rule existence check in canonical order
  fixup! audit: implement audit by executable
  fixup! audit: implement audit by executable
  fixup! audit: clean simple fsnotify implementation
  audit: continue fleshing out audit by exe
  audit: enable audit_get/put_mark()

 include/linux/audit.h      |    2 +
 include/uapi/linux/audit.h |    2 +
 kernel/Makefile            |    2 +-
 kernel/audit.h             |   42 +++++++
 kernel/audit_exe.c         |   50 +++++++++
 kernel/audit_fsnotify.c    |  257 ++++++++++++++++++++++++++++++++++++++++++++
 kernel/audit_tree.c        |    2 +-
 kernel/audit_watch.c       |    2 +-
 kernel/auditfilter.c       |   74 ++++++++++++-
 kernel/auditsc.c           |   16 +++
 10 files changed, 442 insertions(+), 7 deletions(-)
 create mode 100644 kernel/audit_exe.c
 create mode 100644 kernel/audit_fsnotify.c



