audit: reject entry,always rules
We deprecated entry,always rules a long time ago. Reject those rules as invalid. Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
parent
a4ff8dba7d
commit
7ff68e53ec
@ -235,13 +235,15 @@ static inline struct audit_entry *audit_to_entry_common(struct audit_rule *rule)
|
||||
switch(listnr) {
|
||||
default:
|
||||
goto exit_err;
|
||||
case AUDIT_FILTER_USER:
|
||||
case AUDIT_FILTER_TYPE:
|
||||
#ifdef CONFIG_AUDITSYSCALL
|
||||
case AUDIT_FILTER_ENTRY:
|
||||
if (rule->action == AUDIT_ALWAYS)
|
||||
goto exit_err;
|
||||
case AUDIT_FILTER_EXIT:
|
||||
case AUDIT_FILTER_TASK:
|
||||
#endif
|
||||
case AUDIT_FILTER_USER:
|
||||
case AUDIT_FILTER_TYPE:
|
||||
;
|
||||
}
|
||||
if (unlikely(rule->action == AUDIT_POSSIBLE)) {
|
||||
|
Loading…
Reference in New Issue
Block a user