[PATCH 0/5] Add support for sessionid user filters, sessionid_set and loginuid_set

Add support for sessionid, sessionid_set (first two patches) and loginuid_set (and auid_set) (third patch) in user filters. The first two are directly related to issue "ghak4": https://github.com/linux-audit/audit-kernel/issues/4 https://github.com/linux-audit/audit-kernel/wiki/RFE-Session-ID-User-Filter The third is to support a kernel change from 3.10 and 3.19 to avoid using in-band values to indicate the loginuid is unset. The last two patches are to add unset flags to sessionid and loginuid for ausearch and aureport. These two patches are extras and not required for basic support. Richard Guy Briggs (5): Add userspace support for session ID user filter. Add sessionid_set option from kernel uapi macro AUDIT_SESSIONID_SET Add user filter option loginuid_set from uapi macro AUDIT_LOGINUID_SET Add sessionid_set option to ausearch and aureport Add support for loginuid_set option for event filtering and searches. trunk/lib/fieldtab.h | 4 ++ trunk/src/aureport-options.c | 4 +- trunk/src/ausearch-common.h | 1 + trunk/src/ausearch-match.c | 3 + trunk/src/ausearch-options.c | 85 +++++++++++++++++++++++++++++++++++++++++- trunk/src/ausearch-options.h | 1 + trunk/src/ausearch-parse.c | 30 +++++++------- 7 files changed, 110 insertions(+), 18 deletions(-)