[AUDIT] Allow filtering on system call success _or_ failure
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
This commit is contained in:
parent
17888225c2
commit
b01f2cc1c3
@ -440,8 +440,12 @@ static int audit_filter_rules(struct task_struct *tsk,
|
|||||||
result = (ctx->return_code == value);
|
result = (ctx->return_code == value);
|
||||||
break;
|
break;
|
||||||
case AUDIT_SUCCESS:
|
case AUDIT_SUCCESS:
|
||||||
if (ctx && ctx->return_valid)
|
if (ctx && ctx->return_valid) {
|
||||||
result = (ctx->return_valid == AUDITSC_SUCCESS);
|
if (value)
|
||||||
|
result = (ctx->return_valid == AUDITSC_SUCCESS);
|
||||||
|
else
|
||||||
|
result = (ctx->return_valid == AUDITSC_FAILURE);
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case AUDIT_DEVMAJOR:
|
case AUDIT_DEVMAJOR:
|
||||||
if (ctx) {
|
if (ctx) {
|
||||||
|
Loading…
Reference in New Issue
Block a user