audit: allow not equal op for audit by executable [ Upstream commit 23bcc480dac204c7dbdf49d96b2c918ed98223c2 ] Current implementation of auditing by executable name only implements the 'equal' operator. This patch extends it to also support the 'not equal' operator. See: https://github.com/linux-audit/audit-kernel/issues/53 Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit: 5f5e70d7ec14d2b194f06e7ebe7f9396b4cdbb5f [log] [tgz]
author: Ondrej Mosnáček <omosnace@redhat.com> Mon Apr 09 10:00:06 2018 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Fri Aug 03 07:55:25 2018 +0200
tree: d5f8d7b69e5caab35c253370c424fb3324928069
parent: 3c90e828db81b22f37fa7d37b9759cd3f1d305ba [diff] [blame]
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 85d9cac..cd4f413 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c

@@ -406,7 +406,7 @@
 			return -EINVAL;
 		break;
 	case AUDIT_EXE:
-		if (f->op != Audit_equal)
+		if (f->op != Audit_not_equal && f->op != Audit_equal)
 			return -EINVAL;
 		if (entry->rule.listnr != AUDIT_FILTER_EXIT)
 			return -EINVAL;
commit	5f5e70d7ec14d2b194f06e7ebe7f9396b4cdbb5f	[log] [tgz]
author	Ondrej Mosnáček <omosnace@redhat.com>	Mon Apr 09 10:00:06 2018 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	Fri Aug 03 07:55:25 2018 +0200
tree	d5f8d7b69e5caab35c253370c424fb3324928069
parent	3c90e828db81b22f37fa7d37b9759cd3f1d305ba [diff] [blame]