From b01f2cc1c37ac3d5ca313c90370a586dffe5aca9 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Sat, 27 Aug 2005 10:25:43 +0100 Subject: [AUDIT] Allow filtering on system call success _or_ failure Signed-off-by: David Woodhouse --- kernel/auditsc.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'kernel') diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 488ba3dea8b..88696f639aa 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -440,8 +440,12 @@ static int audit_filter_rules(struct task_struct *tsk, result = (ctx->return_code == value); break; case AUDIT_SUCCESS: - if (ctx && ctx->return_valid) - result = (ctx->return_valid == AUDITSC_SUCCESS); + if (ctx && ctx->return_valid) { + if (value) + result = (ctx->return_valid == AUDITSC_SUCCESS); + else + result = (ctx->return_valid == AUDITSC_FAILURE); + } break; case AUDIT_DEVMAJOR: if (ctx) { -- cgit v1.2.3