[AUDIT] Allow filtering on system call success _or_ failure
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
This commit is contained in:
David Woodhouse
parent
17888225c2
commit
b01f2cc1c3
1 changed files with 6 additions and 2 deletions
|
|
@ -440,8 +440,12 @@ static int audit_filter_rules(struct task_struct *tsk,
|
|||
result = (ctx->return_code == value);
|
||||
break;
|
||||
case AUDIT_SUCCESS:
|
||||
if (ctx && ctx->return_valid)
|
||||
result = (ctx->return_valid == AUDITSC_SUCCESS);
|
||||
if (ctx && ctx->return_valid) {
|
||||
if (value)
|
||||
result = (ctx->return_valid == AUDITSC_SUCCESS);
|
||||
else
|
||||
result = (ctx->return_valid == AUDITSC_FAILURE);
|
||||
}
|
||||
break;
|
||||
case AUDIT_DEVMAJOR:
|
||||
if (ctx) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue