linux/kernel/auditfilter.c, branch v2.6.25

Introduce path_put()

2008-02-15T05:13:33Z

* Add path_put() functions for releasing a reference to the dentry and vfsmount of a struct path in the right order * Switch from path_release(nd) to path_put(&nd->path) * Rename dput_path() to path_put_conditional() [akpm@linux-foundation.org: fix cifs] Signed-off-by: Jan Blunck Signed-off-by: Andreas Gruenbacher Acked-by: Christoph Hellwig Cc: Cc: Al Viro Cc: Steven French Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

Embed a struct path into struct nameidata instead of nd->{dentry,mnt}

2008-02-15T05:13:33Z

This is the central patch of a cleanup series. In most cases there is no good reason why someone would want to use a dentry for itself. This series reflects that fact and embeds a struct path into nameidata. Together with the other patches of this series - it enforced the correct order of getting/releasing the reference count on pairs - it prepares the VFS for stacking support since it is essential to have a struct path in every place where the stack can be traversed - it reduces the overall code size: without patch series: text data bss dec hex filename 5321639 858418 715768 6895825 6938d1 vmlinux with patch series: text data bss dec hex filename 5320026 858418 715768 6894212 693284 vmlinux This patch: Switch from nd->{dentry,mnt} to nd->path.{dentry,mnt} everywhere. [akpm@linux-foundation.org: coding-style fixes] [akpm@linux-foundation.org: fix cifs] [akpm@linux-foundation.org: fix smack] Signed-off-by: Jan Blunck Signed-off-by: Andreas Gruenbacher Acked-by: Christoph Hellwig Cc: Al Viro Cc: Casey Schaufler Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

[AUDIT] make audit=0 really stop audit messages

2008-02-01T19:24:33Z

Some audit messages (namely configuration changes) are still emitted even if the audit subsystem has been explicitly disabled. This patch turns those messages off as well. Signed-off-by: Eric Paris

[PATCH] audit: watching subtrees

2007-10-21T06:37:45Z

New kind of audit rule predicates: "object is visible in given subtree". The part that can be sanely implemented, that is. Limitations: * if you have hardlink from outside of tree, you'd better watch it too (or just watch the object itself, obviously) * if you mount something under a watched tree, tell audit that new chunk should be added to watched subtrees * if you umount something in a watched tree and it's still mounted elsewhere, you will get matches on events happening there. New command tells audit to recalculate the trees, trimming such sources of false positives. Note that it's _not_ about path - if something mounted in several places (multiple mount, bindings, different namespaces, etc.), the match does _not_ depend on which one we are using for access. Signed-off-by: Al Viro

whitespace fixes: audit filtering

2007-10-18T21:37:24Z

Signed-off-by: Daniel Walker Cc: David Woodhouse Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

[PATCH] allow audit filtering on bit & operations

2007-07-22T13:57:02Z

Right now the audit filter can match on = != > < >= blah blah blah. This allow the filter to also look at bitwise AND operations, & Signed-off-by: Eric Paris Signed-off-by: Al Viro

[PATCH] audit: fix broken class-based syscall audit

2007-07-22T13:57:02Z

The sanity check in audit_match_class() is wrong. We are able to audit 2048 syscalls but in audit_match_class() we were accidentally using sizeof(_u32) instead of number of bits in _u32 when deciding how many syscalls were valid. On ia64 in particular we were hitting syscall numbers over the (wrong) limit of 256. Fixing the audit_match_class check takes care of the problem. Signed-off-by: Klaus Weidner Signed-off-by: Al Viro

kernel/auditfilter: kill bogus uninit'd-var compiler warning

2007-07-17T20:17:59Z

Kill this warning... kernel/auditfilter.c: In function ‘audit_receive_filter’: kernel/auditfilter.c:1213: warning: ‘ndw’ may be used uninitialized in this function kernel/auditfilter.c:1213: warning: ‘ndp’ may be used uninitialized in this function ...with a simplification of the code. audit_put_nd() can accept NULL arguments, just like kfree(). It is cleaner to init two existing vars to NULL, remove the redundant test variable 'putnd_needed' branches, and call audit_put_nd() directly. As a desired side effect, the warning goes away. Signed-off-by: Jeff Garzik

audit: fix oops removing watch if audit disabled

2007-06-24T15:59:12Z

Removing a watched file will oops if audit is disabled (auditctl -e 0). To reproduce: - auditctl -e 1 - touch /tmp/foo - auditctl -w /tmp/foo - auditctl -e 0 - rm /tmp/foo (or mv) Signed-off-by: Tony Jones Cc: Al Viro Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

audit_match_signal() and friends are used only if CONFIG_AUDITSYSCALL is set

2007-05-16T01:56:37Z

Signed-off-by: Al Viro Signed-off-by: Linus Torvalds