From mboxrd@z Thu Jan 1 00:00:00 1970
From: Al Viro
Subject: Re: [PATCH 26/26] audit: collect path information when possible
Date: Thu, 17 Nov 2011 22:47:03 +0000
Message-ID: <20111117224703.GZ2203@ZenIV.linux.org.uk>
References: <20111117220244.23481.96785.stgit@paris.rdu.redhat.com> <20111117220510.23481.42750.stgit@paris.rdu.redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
In-Reply-To: <20111117220510.23481.42750.stgit@paris.rdu.redhat.com>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Eric Paris
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Thu, Nov 17, 2011 at 05:05:11PM -0500, Eric Paris wrote:
> For _at type syscalls (like openat) we do not collect any information about
> the dfd. This patch grabs a reference to the path of all fd's passed to
> the kernel. We free those on syscall exit. We will then output those paths
> as inode records and use the path information to generate better pathnames if
> possible.

I think this is bogus. If nothing else, if you want dfd, then by damn
collect that information *when* *you* *are* *starting* *a* *lookup*.
Not on every bleeding fget(), no matter why and by whom had it been called.

FWIW, hooking into getname() also had always looked wrong, for much the
same reasons...
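
Added illustration, not part of the original message and not code from the patch or the kernel: a Linux userspace C analogue of resolving the dfd only at the point where an *at() lookup starts, so the record can carry a full pathname. `audit_at_path` and `traced_openat` are hypothetical names, and reading `/proc/self/fd/N` is an assumption standing in for the kernel holding a reference to the dfd's path.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* readlink, openat, AT_FDCWD */
#endif
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: build the pathname a record for an *at() call needs.
 * The dfd is resolved only here, where the lookup starts. Returns 0 or -1. */
int audit_at_path(int dfd, const char *name, char *out, size_t outlen)
{
    char base[PATH_MAX], link[64];
    ssize_t len;
    int n;
    if (name[0] == '/') {                    /* absolute: dfd is ignored */
        n = snprintf(out, outlen, "%s", name);
    } else {
        if (dfd == AT_FDCWD) {               /* relative to the cwd */
            if (!getcwd(base, sizeof(base)))
                return -1;
        } else {                             /* relative to an open directory */
            snprintf(link, sizeof(link), "/proc/self/fd/%d", dfd);
            len = readlink(link, base, sizeof(base) - 1);
            if (len < 0)
                return -1;                   /* bad dfd: nothing to record */
            base[len] = '\0';                /* may end in " (deleted)" */
        }
        n = snprintf(out, outlen, "%s/%s", base, name);
    }
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;   /* reject truncation */
}

/* Hypothetical wrapper: record first, then perform the lookup itself. */
int traced_openat(int dfd, const char *name, int flags, char *rec, size_t len)
{
    if (audit_at_path(dfd, name, rec, len) < 0 && len > 0)
        rec[0] = '\0';
    return openat(dfd, name, flags, 0600);
}

int main(void)
{
    char rec[PATH_MAX];
    int fd = traced_openat(AT_FDCWD, ".", O_RDONLY, rec, sizeof(rec));
    printf("fd=%d path=%s\n", fd, rec);
    return fd < 0;
}
```

Only descriptors that actually serve as the base of a lookup are resolved; descriptors used for read(), write() and similar calls never reach `audit_at_path`.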