summaryrefslogtreecommitdiffstats
path: root/kernel/audit.c
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2013-04-19 01:16:36 +0200
committerEric Paris <eparis@redhat.com>2013-04-30 21:31:28 +0200
commit18900909163758baf2152c9102b1a0953f7f1c30 (patch)
tree0b5c2920d599911c39c78f021da34f71c1ca021e /kernel/audit.c
parentaudit: make validity checking generic (diff)
downloadlinux-18900909163758baf2152c9102b1a0953f7f1c30.tar.xz
linux-18900909163758baf2152c9102b1a0953f7f1c30.zip
audit: remove the old depricated kernel interface
We used to have an inflexible mechanism to add audit rules to the kernel. It hasn't been used in a long time. Get rid of that stuff. Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel/audit.c')
-rw-r--r--kernel/audit.c28
1 files changed, 5 insertions, 23 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 132271448b89..274882d308d3 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -597,13 +597,14 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
return -EPERM;
switch (msg_type) {
- case AUDIT_GET:
case AUDIT_LIST:
- case AUDIT_LIST_RULES:
- case AUDIT_SET:
case AUDIT_ADD:
- case AUDIT_ADD_RULE:
case AUDIT_DEL:
+ return -EOPNOTSUPP;
+ case AUDIT_GET:
+ case AUDIT_SET:
+ case AUDIT_LIST_RULES:
+ case AUDIT_ADD_RULE:
case AUDIT_DEL_RULE:
case AUDIT_SIGNAL_INFO:
case AUDIT_TTY_GET:
@@ -766,25 +767,6 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
audit_log_end(ab);
}
break;
- case AUDIT_ADD:
- case AUDIT_DEL:
- if (nlmsg_len(nlh) < sizeof(struct audit_rule))
- return -EINVAL;
- if (audit_enabled == AUDIT_LOCKED) {
- audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE,
- loginuid, sessionid, sid);
-
- audit_log_format(ab, " audit_enabled=%d res=0",
- audit_enabled);
- audit_log_end(ab);
- return -EPERM;
- }
- /* fallthrough */
- case AUDIT_LIST:
- err = audit_receive_filter(msg_type, NETLINK_CB(skb).portid,
- seq, data, nlmsg_len(nlh),
- loginuid, sessionid, sid);
- break;
case AUDIT_ADD_RULE:
case AUDIT_DEL_RULE:
if (nlmsg_len(nlh) < sizeof(struct audit_rule_data))