linux/kernel
Amy Griffis 5adc8a6adc [PATCH] add rule filterkey
Add support for a rule key, which can be used to tie audit records to audit
rules.  This is useful when a watched file is accessed through a link or
symlink, as well as for general audit log analysis.

Because this patch uses a string key instead of an integer key, there is a bit
of extra overhead to do the kstrdup() when a rule fires.  However, we're also
allocating memory for the audit record buffer, so it's probably not that
significant.  I went ahead with a string key because it seems more
user-friendly.

Note that the user must ensure that filterkeys are unique.  The kernel only
checks for duplicate rules.

Signed-off-by: Amy Griffis <amy.griffis@hpd.com>
2006-07-01 05:43:06 -04:00
..
irq Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
power remove obsolete swsusp_encrypt 2006-06-30 18:59:59 +02:00
time [PATCH] time: rename clocksource functions 2006-06-26 09:58:21 -07:00
.gitignore gitignore: ignore more generated files 2006-01-03 11:35:26 +01:00
Kconfig.hz [PATCH] i386: Selectable Frequency of the Timer Interrupt 2005-06-23 09:45:10 -07:00
Kconfig.preempt [PATCH] sched: voluntary kernel preemption 2005-06-25 16:24:45 -07:00
Makefile [PATCH] pi-futex: rt mutex tester 2006-06-27 17:32:47 -07:00
acct.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
audit.c [NETLINK]: Encapsulate eff_cap usage within security framework. 2006-06-29 16:57:55 -07:00
audit.h [PATCH] add rule filterkey 2006-07-01 05:43:06 -04:00
auditfilter.c [PATCH] add rule filterkey 2006-07-01 05:43:06 -04:00
auditsc.c [PATCH] add rule filterkey 2006-07-01 05:43:06 -04:00
capability.c [PATCH] refactor capable() to one implementation, add __capable() helper 2006-03-25 08:22:56 -08:00
compat.c [PATCH] N32 sigset and __COMPAT_ENDIAN_SWAP__ 2006-06-25 10:01:15 -07:00
configs.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
cpu.c [PATCH] cpu hotplug: make [un]register_cpu_notifier init time only 2006-06-27 17:32:41 -07:00
cpuset.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
dma.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
exec_domain.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
exit.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
extable.c [PATCH] symbol_put_addr() locks kernel 2006-05-15 11:20:55 -07:00
fork.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
futex.c [PATCH] futex_requeue() optimization 2006-06-27 17:32:48 -07:00
futex_compat.c [PATCH] pi-futex: futex_lock_pi/futex_unlock_pi support 2006-06-27 17:32:47 -07:00
hrtimer.c [PATCH] cpu hotplug: revert initdata patch submitted for 2.6.17 2006-06-27 17:32:41 -07:00
itimer.c [PATCH] hrtimers: remove data field 2006-03-26 08:57:03 -08:00
kallsyms.c [PATCH] fix missing includes 2005-10-30 17:37:32 -08:00
kexec.c [POWERPC] Add the use of the firmware soft-reset-nmi to kdump. 2006-06-28 15:18:52 +10:00
kfifo.c [PATCH] gfp flags annotations - part 1 2005-10-08 15:00:57 -07:00
kmod.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
kprobes.c [PATCH] Notify page fault call chain 2006-06-26 09:58:22 -07:00
ksysfs.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
kthread.c [PATCH] kthread: move kernel-doc and put it into DocBook 2006-06-25 10:01:24 -07:00
module.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
mutex-debug.c [PATCH] poison: add & use more constants 2006-06-27 17:32:38 -07:00
mutex-debug.h [PATCH] work around ppc64 bootup bug by making mutex-debugging save/restore irqs 2006-06-26 09:58:16 -07:00
mutex.c [PATCH] work around ppc64 bootup bug by making mutex-debugging save/restore irqs 2006-06-26 09:58:16 -07:00
mutex.h [PATCH] work around ppc64 bootup bug by making mutex-debugging save/restore irqs 2006-06-26 09:58:16 -07:00
panic.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
params.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
pid.c [PATCH] pidhash: Refactor the pid hash table 2006-03-31 12:19:00 -08:00
posix-cpu-timers.c [PATCH] arm_timer: remove a racy and obsolete PF_EXITING check 2006-06-17 10:52:13 -07:00
posix-timers.c [PATCH] hrtimers: remove data field 2006-03-26 08:57:03 -08:00
printk.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
profile.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
ptrace.c [PATCH] coredump: kill ptrace related stuff 2006-06-26 09:58:27 -07:00
rcupdate.c [PATCH] cpu hotplug: revert initdata patch submitted for 2.6.17 2006-06-27 17:32:41 -07:00
rcutorture.c [PATCH] rcutorture: add call_rcu_bh() operations 2006-06-27 17:32:40 -07:00
relay.c [PATCH] relay: consolidate sendfile() and read() code 2006-03-23 19:58:45 +01:00
resource.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
rtmutex-debug.c [PATCH] pi-futex: rt mutex debug 2006-06-27 17:32:47 -07:00
rtmutex-debug.h [PATCH] pi-futex: rt mutex debug 2006-06-27 17:32:47 -07:00
rtmutex-tester.c [PATCH] rtmutex: Modify rtmutex-tester to test the setscheduler propagation 2006-06-27 17:32:47 -07:00
rtmutex.c [PATCH] rtmutex: Propagate priority settings into PI lock chains 2006-06-27 17:32:48 -07:00
rtmutex.h [PATCH] pi-futex: rt mutex core 2006-06-27 17:32:47 -07:00
rtmutex_common.h [PATCH] pi-futex: futex_lock_pi/futex_unlock_pi support 2006-06-27 17:32:47 -07:00
sched.c [PATCH] cond_resched() fix 2006-06-30 11:25:38 -07:00
seccomp.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
signal.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial 2006-06-30 15:39:30 -07:00
softirq.c [PATCH] cpu hotplug: revert initdata patch submitted for 2.6.17 2006-06-27 17:32:41 -07:00
softlockup.c [PATCH] cpu hotplug: revert initdata patch submitted for 2.6.17 2006-06-27 17:32:41 -07:00
spinlock.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
stop_machine.c [PATCH] kthread: convert stop_machine into a kthread 2006-06-25 10:01:22 -07:00
sys.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
sys_ni.c [PATCH] sys_move_pages: 32bit support (i386, x86_64) 2006-06-23 07:42:53 -07:00
sysctl.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial 2006-06-30 15:39:30 -07:00
time.c [PATCH] Time: Introduce arch generic time accessors 2006-06-26 09:58:20 -07:00
timer.c [PATCH] cpu hotplug: revert initdata patch submitted for 2.6.17 2006-06-27 17:32:41 -07:00
uid16.c [PATCH] Add more prevent_tail_call() 2006-04-19 16:27:18 -07:00
unwind.c [PATCH] x86_64: allow unwinder to build without module support 2006-06-26 10:48:18 -07:00
user.c [PATCH] selinux: add hooks for key subsystem 2006-06-22 15:05:55 -07:00
wait.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
workqueue.c [PATCH] cpu hotplug: revert init patch submitted for 2.6.17 2006-06-27 17:32:40 -07:00