diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2015-09-08 13:34:59 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2015-09-08 13:34:59 -0700 |
commit | 425afcff13a4bea2a3cf6f395cbc66fc158852be (patch) | |
tree | c34863cf9fc8f608be586794db866285abbe317e /kernel/audit_tree.c | |
parent | b793c005ceabf6db0b17494b0ec67ade6796bb34 (diff) | |
parent | 15ce414b82b07acb99afda6e4d9bd14f317b6011 (diff) | |
download | lwn-425afcff13a4bea2a3cf6f395cbc66fc158852be.tar.gz lwn-425afcff13a4bea2a3cf6f395cbc66fc158852be.zip |
Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/audit
Pull audit update from Paul Moore:
"This is one of the larger audit patchsets in recent history,
consisting of eight patches and almost 400 lines of changes.
The bulk of the patchset is the new "audit by executable"
functionality which allows admins to set an audit watch based on the
executable on disk. Prior to this, admins could only track an
application by PID, which has some obvious limitations.
Beyond the new functionality we also have some refcnt fixes and a few
minor cleanups"
* 'upstream' of git://git.infradead.org/users/pcmoore/audit:
fixup: audit: implement audit by executable
audit: implement audit by executable
audit: clean simple fsnotify implementation
audit: use macros for unset inode and device values
audit: make audit_del_rule() more robust
audit: fix uninitialized variable in audit_add_rule()
audit: eliminate unnecessary extra layer of watch parent references
audit: eliminate unnecessary extra layer of watch references
Diffstat (limited to 'kernel/audit_tree.c')
-rw-r--r-- | kernel/audit_tree.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c index b0f9877273fc..94ecdabda8e6 100644 --- a/kernel/audit_tree.c +++ b/kernel/audit_tree.c @@ -479,6 +479,8 @@ static void kill_rules(struct audit_tree *tree) if (rule->tree) { /* not a half-baked one */ audit_tree_log_remove_rule(rule); + if (entry->rule.exe) + audit_remove_mark(entry->rule.exe); rule->tree = NULL; list_del_rcu(&entry->list); list_del(&entry->rule.list); |