summaryrefslogtreecommitdiffstats
path: root/kernel/auditsc.c
diff options
context:
space:
mode:
authorOndrej Mosnáček <omosnace@redhat.com>2018-04-09 10:00:06 +0200
committerPaul Moore <paul@paul-moore.com>2018-04-24 17:18:10 +0200
commit23bcc480dac204c7dbdf49d96b2c918ed98223c2 (patch)
treed2e2fa1b394911fc278384b647a914ab506feca8 /kernel/auditsc.c
parentaudit: add syscall information to FEATURE_CHANGE records (diff)
downloadlinux-23bcc480dac204c7dbdf49d96b2c918ed98223c2.tar.xz
linux-23bcc480dac204c7dbdf49d96b2c918ed98223c2.zip
audit: allow not equal op for audit by executable
Current implementation of auditing by executable name only implements the 'equal' operator. This patch extends it to also support the 'not equal' operator. See: https://github.com/linux-audit/audit-kernel/issues/53 Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r--kernel/auditsc.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 4e0a4ac803db..479c031ec54c 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -471,6 +471,8 @@ static int audit_filter_rules(struct task_struct *tsk,
break;
case AUDIT_EXE:
result = audit_exe_compare(tsk, rule->exe);
+ if (f->op == Audit_not_equal)
+ result = !result;
break;
case AUDIT_UID:
result = audit_uid_comparator(cred->uid, f->op, f->uid);