[PATCH] audit string fields interface + consumer Updated patch to dynamically allocate audit rule fields in kernel's internal representation. Added unlikely() calls for testing memory allocation result. Amy Griffis wrote: [Wed Jan 11 2006, 02:02:31PM EST] > Modify audit's kernel-userspace interface to allow the specification > of string fields in audit rules. > > Signed-off-by: Amy Griffis <amy.griffis@hp.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> (cherry picked from 5ffc4a863f92351b720fe3e9c5cd647accff9e03 commit)

commit: 93315ed6dd12dacfc941f9eb8ca0293aadf99793 [log] [tgz]
author: Amy Griffis <amy.griffis@hp.com> Tue Feb 07 12:05:27 2006 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> Mon Mar 20 14:08:54 2006 -0500
tree: 4fc070c92a1de21d3befe4ce48c733c65d044bb3
parent: af601e4623d0303bfafa54ec728b7ae8493a8e1b [diff] [blame]
diff --git a/kernel/audit.h b/kernel/audit.h
index 7643e46..4b602cd 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h

@@ -52,10 +52,27 @@
 };
 
 /* Rule lists */
+struct audit_field {
+	u32			type;
+	u32			val;
+	u32			op;
+};
+
+struct audit_krule {
+	int			vers_ops;
+	u32			flags;
+	u32			listnr;
+	u32			action;
+	u32			mask[AUDIT_BITMASK_SIZE];
+	u32			buflen; /* for data alloc on list rules */
+	u32			field_count;
+	struct audit_field	*fields;
+};
+
 struct audit_entry {
-	struct list_head  list;
-	struct rcu_head   rcu;
-	struct audit_rule rule;
+	struct list_head	list;
+	struct rcu_head		rcu;
+	struct audit_krule	rule;
 };
commit	93315ed6dd12dacfc941f9eb8ca0293aadf99793	[log] [tgz]
author	Amy Griffis <amy.griffis@hp.com>	Tue Feb 07 12:05:27 2006 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	Mon Mar 20 14:08:54 2006 -0500
tree	4fc070c92a1de21d3befe4ce48c733c65d044bb3
parent	af601e4623d0303bfafa54ec728b7ae8493a8e1b [diff] [blame]