• Eric Paris's avatar
    audit: allow interfield comparison in audit rules · 02d86a56
    Eric Paris authored
    We wish to be able to audit when a uid=500 task accesses a file which is
    uid=0.  Or vice versa.  This patch introduces a new audit filter type
    AUDIT_FIELD_COMPARE which takes as an 'enum' which indicates which fields
    should be compared.  At this point we only define the task->uid vs
    inode->uid, but other comparisons can be added.
    Signed-off-by: default avatarEric Paris <eparis@redhat.com>
    02d86a56
auditfilter.c 33.3 KB