From mboxrd@z Thu Jan  1 00:00:00 1970
From: Steve Grubb <sgrubb@redhat.com>
Subject: Re: [PATCH 1/1] Added exe field to audit core dump signal log
Date: Wed, 08 Jul 2015 16:28:06 -0400
Message-ID: <9329673.DzdnucMbcf@x2>
References: <20131114032657.GA3588@pauldc-Inspiron-1470>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <20131114032657.GA3588@pauldc-Inspiron-1470>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Paul Davies C <pauldaviesc@gmail.com>
Cc: rgb@redhat.com, linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Hello Paul Moore,

Looks like this patch never got picked up. I think we should apply it.

-Steve

On Thursday, November 14, 2013 08:56:57 AM Paul Davies C wrote:
> Currently when the coredump signals are logged by the audit system , the
> actual path to the executable is not logged. Without details of exe , the
> system admin may not have an exact idea on what program failed.
> 
> This patch changes the audit_log_task() so that the path to the exe is also
> logged.
> 
> Signed-off-by: Paul Davies C <pauldaviesc@gmail.com>
> ---
>  kernel/auditsc.c |    7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 9845cb3..988de72 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -2353,6 +2353,7 @@ static void audit_log_task(struct audit_buffer *ab)
>  	kuid_t auid, uid;
>  	kgid_t gid;
>  	unsigned int sessionid;
> +	struct mm_struct *mm = current->mm;
> 
>  	auid = audit_get_loginuid(current);
>  	sessionid = audit_get_sessionid(current);
> @@ -2366,6 +2367,12 @@ static void audit_log_task(struct audit_buffer *ab)
>  	audit_log_task_context(ab);
>  	audit_log_format(ab, " pid=%d comm=", current->pid);
>  	audit_log_untrustedstring(ab, current->comm);
> +	if (mm) {
> +		down_read(&mm->mmap_sem);
> +		if (mm->exe_file)
> +			audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
> +		up_read(&mm->mmap_sem);
> +	}
>  }
> 
>  static void audit_log_abend(struct audit_buffer *ab, char *reason, long
> signr)