[ARCHIVE DEBUG 13/13] audit_debug: print inode nr for each path when listing exe rules
Debug to list inode number and path for each audit watch when audit
watch rules are listed.
Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
---
kernel/audit.h | 2 ++
kernel/audit_fsnotify.c | 5 +++++
kernel/auditfilter.c | 1 +
3 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/kernel/audit.h b/kernel/audit.h
index 24ec861..a7cf1ad 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -271,6 +271,7 @@ extern int audit_watch_compare(struct audit_watch *watch, unsigned
long ino, dev
extern struct audit_fsnotify_mark *audit_alloc_mark(struct audit_krule *krule, char
*pathname, int len);
extern char *audit_mark_path(struct audit_fsnotify_mark *mark);
+extern unsigned int audit_mark_ino(struct audit_fsnotify_mark *mark);
extern void audit_remove_mark(struct audit_fsnotify_mark *audit_mark);
extern void audit_remove_mark_rule(struct audit_krule *krule);
extern int audit_mark_compare(struct audit_fsnotify_mark *mark, unsigned long ino, dev_t
dev);
@@ -287,6 +288,7 @@ extern int audit_exe_compare(struct task_struct *tsk, struct
audit_fsnotify_mark
#define audit_watch_compare(w, i, d) 0
#define audit_alloc_mark(k, p, l) (ERR_PTR(-EINVAL))
+#define audit_mark_ino(m) 0
#define audit_mark_path(m) ""
#define audit_remove_mark(m)
#define audit_remove_mark_rule(k)
diff --git a/kernel/audit_fsnotify.c b/kernel/audit_fsnotify.c
index 27c6046..dcf788c 100644
--- a/kernel/audit_fsnotify.c
+++ b/kernel/audit_fsnotify.c
@@ -61,6 +61,11 @@ static void audit_fsnotify_free_mark(struct fsnotify_mark *mark)
audit_fsnotify_mark_free(audit_mark);
}
+unsigned int audit_mark_ino(struct audit_fsnotify_mark *mark)
+{
+ return mark->ino;
+}
+
char *audit_mark_path(struct audit_fsnotify_mark *mark)
{
return mark->path;
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 7714d93..0c36546 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -645,6 +645,7 @@ static struct audit_rule_data *audit_krule_to_data(struct audit_krule
*krule)
case AUDIT_EXE:
data->buflen += data->values[i] =
audit_pack_string(&bufp, audit_mark_path(krule->exe));
+ pr_warn("list: \"%s\" ino=%u\n", audit_mark_path(krule->exe),
audit_mark_ino(krule->exe));
break;
case AUDIT_LOGINUID_SET:
if (krule->pflags & AUDIT_LOGINUID_LEGACY && !f->val) {
--
1.7.1