|
@@ -235,13 +235,15 @@ static inline struct audit_entry *audit_to_entry_common(struct audit_rule *rule)
|
|
|
switch(listnr) {
|
|
switch(listnr) {
|
|
|
default:
|
|
default:
|
|
|
goto exit_err;
|
|
goto exit_err;
|
|
|
- case AUDIT_FILTER_USER:
|
|
|
|
|
- case AUDIT_FILTER_TYPE:
|
|
|
|
|
#ifdef CONFIG_AUDITSYSCALL
|
|
#ifdef CONFIG_AUDITSYSCALL
|
|
|
case AUDIT_FILTER_ENTRY:
|
|
case AUDIT_FILTER_ENTRY:
|
|
|
|
|
+ if (rule->action == AUDIT_ALWAYS)
|
|
|
|
|
+ goto exit_err;
|
|
|
case AUDIT_FILTER_EXIT:
|
|
case AUDIT_FILTER_EXIT:
|
|
|
case AUDIT_FILTER_TASK:
|
|
case AUDIT_FILTER_TASK:
|
|
|
#endif
|
|
#endif
|
|
|
|
|
+ case AUDIT_FILTER_USER:
|
|
|
|
|
+ case AUDIT_FILTER_TYPE:
|
|
|
;
|
|
;
|
|
|
}
|
|
}
|
|
|
if (unlikely(rule->action == AUDIT_POSSIBLE)) {
|
|
if (unlikely(rule->action == AUDIT_POSSIBLE)) {
|
Eric Paris