commit 54d3218b31aee5bc9c859ae60fbde933d922448b
author Eric Paris <eparis@redhat.com> Tue Jan 03 14:23:07 2012 -0500
committer Al Viro <viro@zeniv.linux.org.uk> Tue Jan 17 16:16:59 2012 -0500
tree ebc383920713c283133d885191d0c19cb049afd2
parent efaffd6e4417860c67576ac760dd6e8bbd15f006

audit: allow audit matching on inode gid

Much like the ability to filter audit on the uid of an inode collected, we
should be able to filter on the gid of the inode.

Signed-off-by: Eric Paris <eparis@redhat.com>

kernel/auditfilter.c

diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 13e9974..f10605c 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -462,6 +462,7 @@
 		case AUDIT_ARG2:
 		case AUDIT_ARG3:
 		case AUDIT_OBJ_UID:
+		case AUDIT_OBJ_GID:
 			break;
 		case AUDIT_ARCH:
 			entry->rule.arch_f = f;

kernel/auditsc.c

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 5cf3ecc..87b375f 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -598,6 +598,18 @@
 				}
 			}
 			break;
+		case AUDIT_OBJ_GID:
+			if (name) {
+				result = audit_comparator(name->gid, f->op, f->val);
+			} else if (ctx) {
+				list_for_each_entry(n, &ctx->names_list, list) {
+					if (audit_comparator(n->gid, f->op, f->val)) {
+						++result;
+						break;
+					}
+				}
+			}
+			break;
 		case AUDIT_WATCH:
 			if (name)
 				result = audit_watch_compare(rule->watch, name->ino, name->dev);