From: Steve Grubb <sgrubb@redhat.com>
To: Paul Davies C <pauldaviesc@gmail.com>
Cc: rgb@redhat.com, linux-audit@redhat.com
Subject: Re: [PATCH 1/1] Added exe field to audit core dump signal log
Date: Wed, 08 Jul 2015 16:28:06 -0400 [thread overview]
Message-ID: <9329673.DzdnucMbcf@x2> (raw)
In-Reply-To: <20131114032657.GA3588@pauldc-Inspiron-1470>
Hello Paul Moore,
Looks like this patch never got picked up. I think we should apply it.
-Steve
On Thursday, November 14, 2013 08:56:57 AM Paul Davies C wrote:
> Currently when the coredump signals are logged by the audit system , the
> actual path to the executable is not logged. Without details of exe , the
> system admin may not have an exact idea on what program failed.
>
> This patch changes the audit_log_task() so that the path to the exe is also
> logged.
>
> Signed-off-by: Paul Davies C <pauldaviesc@gmail.com>
> ---
> kernel/auditsc.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 9845cb3..988de72 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -2353,6 +2353,7 @@ static void audit_log_task(struct audit_buffer *ab)
> kuid_t auid, uid;
> kgid_t gid;
> unsigned int sessionid;
> + struct mm_struct *mm = current->mm;
>
> auid = audit_get_loginuid(current);
> sessionid = audit_get_sessionid(current);
> @@ -2366,6 +2367,12 @@ static void audit_log_task(struct audit_buffer *ab)
> audit_log_task_context(ab);
> audit_log_format(ab, " pid=%d comm=", current->pid);
> audit_log_untrustedstring(ab, current->comm);
> + if (mm) {
> + down_read(&mm->mmap_sem);
> + if (mm->exe_file)
> + audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
> + up_read(&mm->mmap_sem);
> + }
> }
>
> static void audit_log_abend(struct audit_buffer *ab, char *reason, long
> signr)
next prev parent reply other threads:[~2015-07-08 20:28 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-14 3:26 [PATCH 1/1] Added exe field to audit core dump signal log Paul Davies C
2013-11-20 21:47 ` Richard Guy Briggs
2013-11-20 22:03 ` William Roberts
2013-11-20 22:07 ` William Roberts
2013-11-20 22:30 ` Richard Guy Briggs
2013-11-20 22:29 ` Richard Guy Briggs
2015-07-08 20:28 ` Steve Grubb [this message]
2015-07-08 20:50 ` Paul Moore
2015-07-08 20:58 ` Steve Grubb
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9329673.DzdnucMbcf@x2 \
--to=sgrubb@redhat.com \
--cc=linux-audit@redhat.com \
--cc=pauldaviesc@gmail.com \
--cc=rgb@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).