commit | 0e96c551918a152e98a16e67795b16e0306f2d7c | [log] [tgz] |
---|---|---|
author | Eric Paris <eparis@redhat.com> | Tue Jan 03 14:23:08 2012 -0500 |
committer | Al Viro <viro@zeniv.linux.org.uk> | Thu Jan 12 00:25:11 2012 -0500 |
tree | 07cc75819dd8ea3721cec6f6cfe7267af092f099 | |
parent | 4f418a8259eea6b2496f79c791d1e2bf1c51abd3 [diff] |
audit: allow interfield comparison in audit rules We wish to be able to audit when a uid=500 task accesses a file which is uid=0. Or vice versa. This patch introduces a new audit filter type AUDIT_FIELD_COMPARE which takes as an 'enum' which indicates which fields should be compared. At this point we only define the task->uid vs inode->uid, but other comparisons can be added. Signed-off-by: Eric Paris <eparis@redhat.com>