[PATCH 1/1] audit: fix logic error in audit_filter_exclude()

From: Dustin Kirkland (IBM) There's supposed to be an implicit AND between all subsequent rules in a given filter list. There's supposed to be an implicit OR between all subsequent filters of a given type. The way the audit_filter_exclude() code currently operates, it forces an implicit AND between all rules in all exclude filters. This trivial patch fixes that problem with correct logic. If any one of the rules fails in a given list, break out of examining that list and move on to the next list. If all rules succeed in a given list, return 1. Signed-off-by: Dustin Kirkland <dustin.kirkland(a)us.ibm.com&gt; --- David- Synced to your updated git tree, built, and tested the patches of mine you integrated, which turned up a somewhat buried bug. Also note: 1) this message should be spliced into the correct thread of your mailer 2) the text of the patch should be correctly insert into the body of this mail 3) I'm attempting to use the Canonical Patch Format ;) Please let me know if this is the appropriate format and I'll use it from now on when final versions of a given patch are ready. Thanks, :-Dustin diff --git a/kernel/auditsc.c b/kernel/auditsc.c --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -689,9 +689,11 @@ int audit_filter_exclude(int type) if ( field == AUDIT_MSGTYPE ) { result = audit_comparator(type, op, value); if (!result) - goto unlock_and_return; + break; } } + if (result) + goto unlock_and_return; } unlock_and_return: rcu_read_unlock();