From: "Serge E. Hallyn" <serue@us.ibm.com>
To: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: David Safford <safford@watson.ibm.com>,
Linux Audit <linux-audit@redhat.com>,
Reiner Sailer <sailer@us.ibm.com>
Subject: Re: [RFC][PATCH] audit: get inode pathname patch
Date: Wed, 6 Aug 2008 13:26:36 -0500 [thread overview]
Message-ID: <20080806182636.GA32522@us.ibm.com> (raw)
In-Reply-To: <1218033406.9023.7.camel@new-host-2.home>
Quoting Mimi Zohar (zohar@linux.vnet.ibm.com):
> We are interested in using auditing's context pathname information.
> Is this the best way of accessing it?
>
> Add support for accessing auditing's inode full pathname.
Interesting idea. It does seem to do what you need.
-serge
> Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
>
> Index: security-testing-2.6/include/linux/audit.h
> ===================================================================
> --- security-testing-2.6.orig/include/linux/audit.h
> +++ security-testing-2.6/include/linux/audit.h
> @@ -403,6 +403,8 @@ extern void audit_syscall_entry(int arch
> unsigned long a2, unsigned long a3);
> extern void audit_syscall_exit(int failed, long return_code);
> extern void __audit_getname(const char *name);
> +extern const char *audit_get_inode_pathname(struct task_struct *tsk,
> + struct inode *inode);
> extern void audit_putname(const char *name);
> extern void __audit_inode(const char *name, const struct dentry *dentry);
> extern void __audit_inode_child(const char *dname, const struct dentry *dentry,
> Index: security-testing-2.6/kernel/auditsc.c
> ===================================================================
> --- security-testing-2.6.orig/kernel/auditsc.c
> +++ security-testing-2.6/kernel/auditsc.c
> @@ -1677,6 +1677,28 @@ retry:
> #endif
> }
>
> +const char *audit_get_inode_pathname(struct task_struct *tsk,
> + struct inode *inode)
> +{
> + struct audit_context *context;
> + int idx;
> +
> + context = tsk->audit_context;
> + if (!context)
> + return NULL;
> + for (idx = 0; idx < context->name_count; idx++) {
> + struct audit_names *n = &context->names[idx];
> +
> + if (!n->name)
> + continue;
> +
> + if (n->ino == inode->i_ino)
> + return n->name;
> + }
> + return NULL;
> +}
> +EXPORT_SYMBOL_GPL(audit_get_inode_pathname);
> +
> /**
> * audit_getname - add a name to the list
> * @name: name to add
>
>
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
next prev parent reply other threads:[~2008-08-06 18:26 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-06 14:36 [RFC][PATCH] audit: get inode pathname patch Mimi Zohar
2008-08-06 18:26 ` Serge E. Hallyn [this message]
2008-08-12 23:47 ` Steve Grubb
2008-08-13 22:28 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080806182636.GA32522@us.ibm.com \
--to=serue@us.ibm.com \
--cc=linux-audit@redhat.com \
--cc=safford@watson.ibm.com \
--cc=sailer@us.ibm.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox