Commit 7ff68e53 authored by Eric Paris's avatar Eric Paris Committed by Al Viro

audit: reject entry,always rules

We deprecated entry,always rules a long time ago.  Reject those rules as
invalid.
Signed-off-by: default avatarEric Paris <eparis@redhat.com>
parent a4ff8dba
...@@ -235,13 +235,15 @@ static inline struct audit_entry *audit_to_entry_common(struct audit_rule *rule) ...@@ -235,13 +235,15 @@ static inline struct audit_entry *audit_to_entry_common(struct audit_rule *rule)
switch(listnr) { switch(listnr) {
default: default:
goto exit_err; goto exit_err;
case AUDIT_FILTER_USER:
case AUDIT_FILTER_TYPE:
#ifdef CONFIG_AUDITSYSCALL #ifdef CONFIG_AUDITSYSCALL
case AUDIT_FILTER_ENTRY: case AUDIT_FILTER_ENTRY:
if (rule->action == AUDIT_ALWAYS)
goto exit_err;
case AUDIT_FILTER_EXIT: case AUDIT_FILTER_EXIT:
case AUDIT_FILTER_TASK: case AUDIT_FILTER_TASK:
#endif #endif
case AUDIT_FILTER_USER:
case AUDIT_FILTER_TYPE:
; ;
} }
if (unlikely(rule->action == AUDIT_POSSIBLE)) { if (unlikely(rule->action == AUDIT_POSSIBLE)) {
......
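Review bot: The `if (rule->action == AUDIT_ALWAYS) goto exit_err;` check under `case AUDIT_FILTER_ENTRY:` relies on an unannotated fall-through into `case AUDIT_FILTER_EXIT:` for every other action, and nothing at that spot says it is intentional. I would add `/* fall through: remaining entry actions are accepted like exit/task rules */` directly after the `goto exit_err;`, so a later edit to the case list does not silently change which rules are accepted. The rejection site also carries no explanation, so a short comment such as `/* entry,always is deprecated: refuse the rule instead of ignoring it */` would help. This matters because a rule set that still contains such rules will presumably fail to load them, leaving less audit coverage than the administrator expects. Whether the failure is reported with a usable error depends on `exit_err`, which is outside the hunk, as are the start and end of `audit_to_entry_common`.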