[PATCH] add/remove rule update

Hi, The following patch adds a little more information to the add/remove rule message emitted by the kernel. Signed-off-by: Steve Grubb <[email protected]> Signed-off-by: Al Viro <[email protected]>
chewitt · Mar 20, 2006 · 5d33010 · 5d33010
1 parent 93315ed
commit 5d33010
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 8 deletions.
diff --git a/include/linux/audit.h b/include/linux/audit.h
@@ -240,7 +240,7 @@ struct audit_rule_data {
 	__u32		flags;	/* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */
 	__u32		action;	/* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */
 	__u32		field_count;
-	__u32		mask[AUDIT_BITMASK_SIZE];
+	__u32		mask[AUDIT_BITMASK_SIZE]; /* syscall(s) affected */
 	__u32		fields[AUDIT_MAX_FIELDS];
 	__u32		values[AUDIT_MAX_FIELDS];
 	__u32		fieldflags[AUDIT_MAX_FIELDS];

diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
@@ -487,10 +487,11 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
 
 		err = audit_add_rule(entry,
 				     &audit_filter_list[entry->rule.listnr]);
-		if (!err)
-			audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
-				  "auid=%u added an audit rule\n", loginuid);
-		else
+		audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+			"auid=%u add rule to list=%d res=%d\n",
+			loginuid, entry->rule.listnr, !err);
+
+		if (err)
 			audit_free_rule(entry);
 		break;
 	case AUDIT_DEL:
@@ -504,9 +505,10 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
 
 		err = audit_del_rule(entry,
 				     &audit_filter_list[entry->rule.listnr]);
-		if (!err)
-			audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
-				  "auid=%u removed an audit rule\n", loginuid);
+		audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+			"auid=%u remove rule from list=%d res=%d\n",
+			loginuid, entry->rule.listnr, !err);
+
 		audit_free_rule(entry);
 		break;
 	default: