Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
[PATCH] introduce audit rules counter

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Al Viro 471a5c7c 5422e01a

+29
+2
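--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -410,6 +410,7 @@
 return __audit_mq_getsetattr(mqdes, mqstat);
 return 0;
 }
+extern int audit_n_rules;
 #else
 #define audit_alloc(t) ({ 0; })
 #define audit_free(t) do { ; } while (0)
@@ -438,6 +437,7 @@
 #define audit_mq_timedreceive(d,l,p,t) ({ 0; })
 #define audit_mq_notify(d,n) ({ 0; })
 #define audit_mq_getsetattr(d,s) ({ 0; })
+#define audit_n_rules 0
 #endif
 
 #ifdef CONFIG_AUDIT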
+24
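--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1136,6 +1136,14 @@
 struct audit_watch *watch = entry->rule.watch;
 struct nameidata *ndp, *ndw;
 int h, err, putnd_needed = 0;
+#ifdef CONFIG_AUDITSYSCALL
+int dont_count = 0;
+
+/* If either of these, don't count towards total */
+if (entry->rule.listnr == AUDIT_FILTER_USER ||
+entry->rule.listnr == AUDIT_FILTER_TYPE)
+dont_count = 1;
+#endif
 
 if (inode_f) {
 h = audit_hash_ino(inode_f->val);
@@ -1184,6 +1176,10 @@
 } else {
 list_add_tail_rcu(&entry->list, list);
 }
+#ifdef CONFIG_AUDITSYSCALL
+if (!dont_count)
+audit_n_rules++;
+#endif
 mutex_unlock(&audit_filter_mutex);
 
 if (putnd_needed)
@@ -1212,6 +1200,14 @@
 struct audit_watch *watch, *tmp_watch = entry->rule.watch;
 LIST_HEAD(inotify_list);
 int h, ret = 0;
+#ifdef CONFIG_AUDITSYSCALL
+int dont_count = 0;
+
+/* If either of these, don't count towards total */
+if (entry->rule.listnr == AUDIT_FILTER_USER ||
+entry->rule.listnr == AUDIT_FILTER_TYPE)
+dont_count = 1;
+#endif
 
 if (inode_f) {
 h = audit_hash_ino(inode_f->val);
@@ -1257,6 +1237,10 @@
 list_del_rcu(&e->list);
 call_rcu(&e->rcu, audit_free_rule_rcu);
 
+#ifdef CONFIG_AUDITSYSCALL
+if (!dont_count)
+audit_n_rules--;
+#endif
 mutex_unlock(&audit_filter_mutex);
 
 if (!list_empty(&inotify_list))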
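Review bot: The counted/not-counted decision is written out twice with identical code (the `dont_count` blocks at the top of both functions), and the comment `/* If either of these, don't count towards total */` does not say why USER and TYPE rules are excluded. If `audit_n_rules` is read elsewhere as a shortcut to skip syscall rule evaluation (the reader is not in this diff), the counter has to stay exactly in step with list membership: an undercount would silently skip active rules, while an overcount only costs the shortcut. Both updates sit just before `mutex_unlock(&audit_filter_mutex)`, so writers are serialised, but the error and not-found paths of both functions lie outside the hunks, so confirm that `++` and `--` are reached only after a successful insert or removal. I would reword the comment to something like `/* USER and TYPE rules are not matched on the syscall path; every other list must be counted so audit_n_rules never undercounts */` and move the test into one small static helper shared by both functions.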
+3
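--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -85,6 +85,9 @@
 /* Indicates that audit should log the full pathname. */
 #define AUDIT_NAME_FULL -1
 
+/* number of audit rules */
+int audit_n_rules;
+
 /* When fs/namei.c:getname() is called, we store the pointer in name and
 * we don't let putname() free it (instead we free all of the saved
 * pointers at syscall exit time).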
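Review bot: The comment `/* number of audit rules */` on the new global overstates what is counted and says nothing about how it is protected. The kernel/auditfilter.c part of this commit leaves AUDIT_FILTER_USER and AUDIT_FILTER_TYPE rules out of the total and changes the value only while holding `audit_filter_mutex`. A reader who takes "number of audit rules" literally could treat zero as "no rules loaded at all". I would write `/* rules on lists other than AUDIT_FILTER_USER and AUDIT_FILTER_TYPE; updated under audit_filter_mutex in kernel/auditfilter.c */` and add a line stating whether unlocked reads are intended.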