linux-toradex.git/kernel/auditsc.c, branch v2.6.14-rc4 Linux kernel for Apalis and Colibri modules [AUDIT] Allow filtering on system call success _or_ failure 2005-08-27T09:25:43+00:00 David Woodhouse dwmw2@shinybook.infradead.org 2005-08-27T09:25:43+00:00 b01f2cc1c37ac3d5ca313c90370a586dffe5aca9 Signed-off-by: David Woodhouse <dwmw2@infradead.org> 
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
AUDIT: Prevent duplicate syscall rules 2005-08-17T15:05:35+00:00 Amy Griffis amy.griffis@hp.com 2005-08-17T15:05:35+00:00 3c789a19054034847afe80af2f23ebb0eebfbad6 The following patch against audit.81 prevents duplicate syscall rules in a given filter list by walking the list on each rule add. I also removed the unused struct audit_entry in audit.c and made the static inlines in auditsc.c consistent. Signed-off-by: Amy Griffis <amy.griffis@hp.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org> 
The following patch against audit.81 prevents duplicate syscall rules in
a given filter list by walking the list on each rule add.

I also removed the unused struct audit_entry in audit.c and made the
static inlines in auditsc.c consistent.

Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
AUDIT: Speed up audit_filter_syscall() for the non-auditable case. 2005-08-17T13:49:57+00:00 David Woodhouse dwmw2@shinybook.infradead.org 2005-08-17T13:49:57+00:00 c3896495942392f1a792da1cafba7a573cbf6fc2 It was showing up fairly high on profiles even when no rules were set. Make sure the common path stays as fast as possible. Signed-off-by: David Woodhouse <dwmw2@infradead.org> 
It was showing up fairly high on profiles even when no rules were set.
Make sure the common path stays as fast as possible.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
AUDIT: Fix task refcount leak in audit_filter_syscall() 2005-08-17T13:45:55+00:00 David Woodhouse dwmw2@shinybook.infradead.org 2005-08-17T13:45:55+00:00 413a1c7520ad6207c9122a749983c500f29e3e32 Signed-off-by: David Woodhouse <dwmw2@infradead.org> 
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
AUDIT: Reduce contention in audit_serial() 2005-07-18T18:24:46+00:00 David Woodhouse dwmw2@shinybook.infradead.org 2005-07-18T18:24:46+00:00 ce625a801664d8ed7344117bbb57510e4e0e872c ... by generating serial numbers only if an audit context is actually _used_, rather than doing so at syscall entry even when the context isn't necessarily marked auditable. Signed-off-by: David Woodhouse <dwmw2@infradead.org> 
... by generating serial numbers only if an audit context is actually
_used_, rather than doing so at syscall entry even when the context
isn't necessarily marked auditable.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
AUDIT: Fix compile error in audit_filter_syscall 2005-07-14T13:40:06+00:00 David Woodhouse dwmw2@shinybook.infradead.org 2005-07-14T13:40:06+00:00 351bb722590b2329ac5e72c4b824b8b6ce6e3082 We didn't rename it to audit_tgid after all. Except once... Doh. Signed-off-by: David Woodhouse <dwmw2@infradead.org> 
We didn't rename it to audit_tgid after all. Except once... Doh.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
AUDIT: Avoid scheduling in idle thread 2005-07-13T21:47:07+00:00 David Woodhouse dwmw2@shinybook.infradead.org 2005-07-13T21:47:07+00:00 f55619642e863990d5a46cf2c2c840170d22a9f9 When we flush a pending syscall audit record due to audit_free(), we might be doing that in the context of the idle thread. So use GFP_ATOMIC Signed-off-by: David Woodhouse <dwmw2@infradead.org> 
When we flush a pending syscall audit record due to audit_free(), we
might be doing that in the context of the idle thread. So use GFP_ATOMIC

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
AUDIT: Exempt the whole auditd thread-group from auditing 2005-07-13T21:39:34+00:00 David Woodhouse dwmw2@shinybook.infradead.org 2005-07-13T21:39:34+00:00 582edda586120004d0fb67113115fa442a0a1571 and not just the one thread. Signed-off-by: David Woodhouse <dwmw2@infradead.org> 
and not just the one thread.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
AUDIT: Really don't audit auditd. 2005-07-02T13:10:46+00:00 David Woodhouse dwmw2@shinybook.infradead.org 2005-07-02T13:10:46+00:00 21af6c4f2aa5f63138871b4ddd77d7ebf2588c9d The pid in the audit context isn't always set up. Use tsk->pid when checking whether it's auditd in audit_filter_syscall(), instead of ctx->pid. Remove a band-aid which did the same elsewhere. Signed-off-by: David Woodhouse <dwmw2@infradead.org> 
The pid in the audit context isn't always set up. Use tsk->pid when 
checking whether it's auditd in audit_filter_syscall(), instead of 
ctx->pid. Remove a band-aid which did the same elsewhere.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
AUDIT: Clean up user message filtering 2005-06-24T13:14:05+00:00 David Woodhouse dwmw2@shinybook.infradead.org 2005-06-24T13:14:05+00:00 5bb289b5a0becb53ac3e1d60815ff8b779296b73 Don't look up the task by its pid and then use the syscall filtering helper. Just implement our own filter helper which operates solely on the information in the netlink_skb_parms. Signed-off-by: David Woodhouse <dwmw2@infradead.org> 
Don't look up the task by its pid and then use the syscall filtering
helper. Just implement our own filter helper which operates solely on
the information in the netlink_skb_parms. 

Signed-off-by: David Woodhouse <dwmw2@infradead.org>