audit: allow not equal op for audit by executable

Current implementation of auditing by executable name only implements the 'equal' operator. This patch extends it to also support the 'not equal' operator. See: https://github.com/linux-audit/audit-kernel/issues/53 Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Ondrej Mosnáček <omosnace@redhat.com> 2018-04-09 10:00:06 +0200
committer: Paul Moore <paul@paul-moore.com> 2018-04-24 11:18:10 -0400
commit: 23bcc480dac204c7dbdf49d96b2c918ed98223c2 (patch)
tree: d2e2fa1b394911fc278384b647a914ab506feca8 /kernel/auditfilter.c
parent: audit: add syscall information to FEATURE_CHANGE records (diff)
download: linux-23bcc480dac204c7dbdf49d96b2c918ed98223c2.tar.gz
linux-23bcc480dac204c7dbdf49d96b2c918ed98223c2.tar.bz2
linux-23bcc480dac204c7dbdf49d96b2c918ed98223c2.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index d7a807e81451..a0c5a3ec6e60 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -426,7 +426,7 @@ static int audit_field_valid(struct audit_entry *entry, struct audit_field *f)
 			return -EINVAL;
 		break;
 	case AUDIT_EXE:
-		if (f->op != Audit_equal)
+		if (f->op != Audit_not_equal && f->op != Audit_equal)
 			return -EINVAL;
 		if (entry->rule.listnr != AUDIT_FILTER_EXIT)
 			return -EINVAL;
author	Ondrej Mosnáček <omosnace@redhat.com>	2018-04-09 10:00:06 +0200
committer	Paul Moore <paul@paul-moore.com>	2018-04-24 11:18:10 -0400
commit	23bcc480dac204c7dbdf49d96b2c918ed98223c2 (patch)
tree	d2e2fa1b394911fc278384b647a914ab506feca8 /kernel/auditfilter.c
parent	audit: add syscall information to FEATURE_CHANGE records (diff)
download	linux-23bcc480dac204c7dbdf49d96b2c918ed98223c2.tar.gz linux-23bcc480dac204c7dbdf49d96b2c918ed98223c2.tar.bz2 linux-23bcc480dac204c7dbdf49d96b2c918ed98223c2.zip