Hi-
Currently, audit only supports the "=" and "!=" operators in the -F
filter rules.
These two patches rework the support for "=" and "!=", and add support
for ">", ">=", "<", and "<=".
This turned out to be a pretty clean and simple process. I ended up
using the high order bits of the "field", as suggested by Steve and Amy.
This allowed for no changes whatsoever to the netlink communications.
See the documentation within the patch in the include/linux/audit.h
area, where there is a table that explains the reasoning of the bitmask
assignments clearly.
There are two pieces to this patch.
The first is user space. The second is kernel space.
I'll briefly describe those changes in the following emails with the
code.
The interface looks something like this....
Audit all ipc messages by normal users:
auditctl -a exit,always -S ipc -F "uid>=500"
Audit all opens by any user except for user 501:
auditctl -a exit,always -S open -F "uid>=0" -F "uid!=501"
and so on...
:-Dustin
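The following is an added illustration of the encoding idea described in the mail, not code from the patch series itself: a comparison operator is packed into the high-order bits of a rule's "field" word, so the (field, value) pair that crosses netlink keeps its shape, and the kernel side recovers the operator with a mask and shift. The bit positions, the field numbers (FIELD_UID, FIELD_GID) and all function names here are invented for the example; the real assignments are the ones in the table in include/linux/audit.h from the patch. The parser accepts the same "uid>=500" style strings the auditctl lines above use, and several -F rules are ANDed the way auditctl combines them.

```c
/* Added example, not the patch's code. Bit layout, field numbers and
 * function names are hypothetical and chosen only for illustration. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define OP_SHIFT   28                      /* operator lives in the top nibble  */
#define OP_MASK    (0xFu << OP_SHIFT)      /* 0xF0000000                         */
#define FIELD_MASK (~OP_MASK)              /* 0x0FFFFFFF: the original field id  */

enum flt_op    { OP_EQ = 1, OP_NE, OP_LT, OP_LE, OP_GT, OP_GE };
enum flt_field { FIELD_UID = 1, FIELD_GID = 2 };   /* hypothetical ids */

/* Same two-word shape as a plain (field, value) rule: nothing on the wire changes. */
struct flt_rule { uint32_t field; uint32_t value; };
struct flt_ctx  { uint32_t uid, gid; };

static uint32_t rule_op(const struct flt_rule *r)    { return (r->field & OP_MASK) >> OP_SHIFT; }
static uint32_t rule_field(const struct flt_rule *r) { return r->field & FIELD_MASK; }

static int lookup_field(const char *name, size_t len, uint32_t *out)
{
    if (len == 3 && memcmp(name, "uid", 3) == 0) { *out = FIELD_UID; return 0; }
    if (len == 3 && memcmp(name, "gid", 3) == 0) { *out = FIELD_GID; return 0; }
    return -1;
}

/* Parse "<field><op><number>", e.g. "uid>=500". Two-character operators are
 * tried before one-character ones so ">=" is not read as ">" then "=500".
 * Only unsigned decimal values are accepted; "uid>=-1" is rejected rather
 * than silently becoming a huge uid. Returns 0 on success, -1 on error. */
int parse_filter(const char *spec, struct flt_rule *rule)
{
    static const struct { const char *tok; enum flt_op op; } ops[] = {
        { ">=", OP_GE }, { "<=", OP_LE }, { "!=", OP_NE },
        { ">",  OP_GT }, { "<",  OP_LT }, { "=",  OP_EQ },
    };
    size_t namelen = strcspn(spec, "=!<>");
    if (namelen == 0 || spec[namelen] == '\0')
        return -1;
    uint32_t fld;
    if (lookup_field(spec, namelen, &fld) < 0)
        return -1;
    const char *p = spec + namelen;
    for (size_t i = 0; i < sizeof ops / sizeof ops[0]; i++) {
        size_t tl = strlen(ops[i].tok);
        if (strncmp(p, ops[i].tok, tl) != 0)
            continue;
        const char *num = p + tl;
        if (*num < '0' || *num > '9')
            return -1;
        char *end;
        errno = 0;
        unsigned long v = strtoul(num, &end, 10);
        if (*end != '\0' || errno != 0 || v > UINT32_MAX)
            return -1;
        rule->field = fld | ((uint32_t)ops[i].op << OP_SHIFT);
        rule->value = (uint32_t)v;
        return 0;
    }
    return -1;
}

/* Kernel-side evaluation: unmask the operator and compare. An unknown field
 * or operator never matches, so a malformed rule cannot widen auditing. */
int rule_matches(const struct flt_rule *r, const struct flt_ctx *ctx)
{
    uint32_t actual;
    switch (rule_field(r)) {
    case FIELD_UID: actual = ctx->uid; break;
    case FIELD_GID: actual = ctx->gid; break;
    default:        return 0;
    }
    switch (rule_op(r)) {
    case OP_EQ: return actual == r->value;
    case OP_NE: return actual != r->value;
    case OP_LT: return actual <  r->value;
    case OP_LE: return actual <= r->value;
    case OP_GT: return actual >  r->value;
    case OP_GE: return actual >= r->value;
    default:    return 0;
    }
}

/* Several -F options on one auditctl line are ANDed: every rule must match.
 * Returns 1 on match, 0 on no match, -1 if any spec fails to parse. */
int filter_line_matches(const char *const *specs, size_t n, uint32_t uid, uint32_t gid)
{
    struct flt_rule rules[8];
    if (n > sizeof rules / sizeof rules[0])
        return -1;
    for (size_t i = 0; i < n; i++)
        if (parse_filter(specs[i], &rules[i]) < 0)
            return -1;
    struct flt_ctx ctx = { uid, gid };
    for (size_t i = 0; i < n; i++)
        if (!rule_matches(&rules[i], &ctx))
            return 0;
    return 1;
}

int main(void)
{
    const char *const normal_users[] = { "uid>=500" };           /* -F "uid>=500"            */
    const char *const all_but_501[]  = { "uid>=0", "uid!=501" }; /* -F "uid>=0" -F "uid!=501" */
    printf("uid 500 vs uid>=500:          %d\n", filter_line_matches(normal_users, 1, 500, 500));
    printf("uid 501 vs uid>=0, uid!=501:  %d\n", filter_line_matches(all_but_501, 2, 501, 501));
    return 0;
}
```

The parse step rejects "==" and negative numbers rather than guessing, since a filter that parses to something other than what the administrator typed silently changes what gets audited.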