From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paul Davies C <pauldaviesc@gmail.com>
Subject: [PATCH 1/1 v2] Added exe field to audit core dump signal log
Date: Thu, 21 Nov 2013 08:14:03 +0530
Message-ID: <20131121024403.GA5010@pauldc-Inspiron-1470>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Content-Disposition: inline
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com, eparis@redhat.com, rgb@redhat.com
List-Id: linux-audit@redhat.com

Currently when the coredump signals are logged by the audit system , the
actual path to the executable is not logged. Without details of exe , the
system admin may not have an exact idea on what program failed.

This patch changes the audit_log_task() so that the path to the exe is also
logged.

Signed-off-by: Paul Davies C <pauldaviesc@gmail.com>
---
 kernel/auditsc.c |    8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 9845cb3..53ecc02 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2353,6 +2353,7 @@ static void audit_log_task(struct audit_buffer *ab)
 	kuid_t auid, uid;
 	kgid_t gid;
 	unsigned int sessionid;
+	struct mm_struct *mm = current->mm;
 
 	auid = audit_get_loginuid(current);
 	sessionid = audit_get_sessionid(current);
@@ -2366,6 +2367,13 @@ static void audit_log_task(struct audit_buffer *ab)
 	audit_log_task_context(ab);
 	audit_log_format(ab, " pid=%d comm=", current->pid);
 	audit_log_untrustedstring(ab, current->comm);
+	if (mm) {
+		down_read(&mm->mmap_sem);
+		if (mm->exe_file)
+			audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
+		up_read(&mm->mmap_sem);
+	} else
+		audit_log_format(ab, " exe=(null)");
 }
 
 static void audit_log_abend(struct audit_buffer *ab, char *reason, long signr)
-- 
1.7.9.5