[git pull] misc audit fixes

From: Al Viro
Date: Thu Aug 03 2006 - 11:24:12 EST


Audit fixes: a bunch of bug fixes from Amy + overhead reduction for
case when no rules are loaded (lazy-audit) from me. The latter speeds
"audit enabled, no rules present" to the level of "audit disabled". The
current tree has about 15--20% overhead for that case on loads like "do a lot
of access(2)"; that gets killed by these patches.

Please, pull from
git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current.git/ audit.b25

diffstat:
fs/namei.c | 8 ++-
include/linux/audit.h | 43 +++++++++++------
include/linux/fsnotify.h | 6 +-
kernel/audit.c | 4 -
kernel/auditfilter.c | 26 ++++++++++
kernel/auditsc.c | 117 ++++++++++++++++++++++++++++++-----------------
6 files changed, 140 insertions(+), 64 deletions(-)

Al Viro:
introduce audit rules counter
mark context of syscall entered with no rules as dummy
don't bother with aux entires for dummy context
take filling ->pid, etc. out of audit_get_context()

Amy Griffis:
fix faulty inode data collection for open() with O_CREAT
fix missed create event for directory audit
fix oops with CONFIG_AUDIT and !CONFIG_AUDITSYSCALL
fix audit oops with invalid operator
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/