diff mbox series

[2/2] audit: block PERM fields being used with io_uring filtering

Message ID 8d1435a4b5db9139cc8eebce633f14872dd3a007.1622467740.git.rgb@redhat.com (mailing list archive)
State Accepted
Headers show
Series [1/2] audit: add filtering for io_uring records, addendum | expand

Commit Message

Richard Guy Briggs May 31, 2021, 1:44 p.m. UTC
The commit ("audit: add filtering for io_uring records") added support for
filtering io_uring operations.  The PERM field is invalid for io_uring
filtering, so block it.

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
 kernel/auditfilter.c | 4 ++++
 1 file changed, 4 insertions(+)
diff mbox series


diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index bcdedfd1088c..d75acb014ccd 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -336,6 +336,10 @@  static int audit_field_valid(struct audit_entry *entry, struct audit_field *f)
 		if (entry->rule.listnr != AUDIT_FILTER_FS)
 			return -EINVAL;
+	case AUDIT_PERM:
+		if (entry->rule.listnr == AUDIT_FILTER_URING_EXIT)
+			return -EINVAL;
+		break;
 	switch (entry->rule.listnr) {