* [PATCH 13/15] make sure that filterkey of task,always rules is reported
@ 2008-12-17 5:13 Al Viro
2008-12-17 7:50 ` James Morris
0 siblings, 1 reply; 2+ messages in thread
From: Al Viro @ 2008-12-17 5:13 UTC (permalink / raw)
To: linux-audit; +Cc: linux-kernel
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
kernel/auditsc.c | 15 +++++++++++----
1 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 296d329..549443e 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -618,7 +618,7 @@ static int audit_filter_rules(struct task_struct *tsk,
* completely disabled for this task. Since we only have the task
* structure at this point, we can only check uid and gid.
*/
-static enum audit_state audit_filter_task(struct task_struct *tsk)
+static enum audit_state audit_filter_task(struct task_struct *tsk, char **key)
{
struct audit_entry *e;
enum audit_state state;
@@ -626,6 +626,8 @@ static enum audit_state audit_filter_task(struct task_struct *tsk)
rcu_read_lock();
list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TASK], list) {
if (audit_filter_rules(tsk, &e->rule, NULL, NULL, &state)) {
+ if (state == AUDIT_RECORD_CONTEXT)
+ *key = kstrdup(e->rule.filterkey, GFP_ATOMIC);
rcu_read_unlock();
return state;
}
@@ -832,18 +834,21 @@ int audit_alloc(struct task_struct *tsk)
{
struct audit_context *context;
enum audit_state state;
+ char *key = NULL;
if (likely(!audit_ever_enabled))
return 0; /* Return if not auditing. */
- state = audit_filter_task(tsk);
+ state = audit_filter_task(tsk, &key);
if (likely(state == AUDIT_DISABLED))
return 0;
if (!(context = audit_alloc_context(state))) {
+ kfree(key);
audit_log_lost("out of memory in audit_alloc");
return -ENOMEM;
}
+ context->filterkey = key;
tsk->audit_context = context;
set_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT);
@@ -1616,8 +1621,10 @@ void audit_syscall_exit(int valid, long return_code)
context->sockaddr_len = 0;
context->type = 0;
context->fds[0] = -1;
- kfree(context->filterkey);
- context->filterkey = NULL;
+ if (context->state != AUDIT_RECORD_CONTEXT) {
+ kfree(context->filterkey);
+ context->filterkey = NULL;
+ }
tsk->audit_context = context;
}
}
--
1.5.6.5
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH 13/15] make sure that filterkey of task,always rules is reported
2008-12-17 5:13 [PATCH 13/15] make sure that filterkey of task,always rules is reported Al Viro
@ 2008-12-17 7:50 ` James Morris
0 siblings, 0 replies; 2+ messages in thread
From: James Morris @ 2008-12-17 7:50 UTC (permalink / raw)
To: Al Viro; +Cc: linux-audit, linux-kernel
On Wed, 17 Dec 2008, Al Viro wrote:
>
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Reviewed-by: James Morris <jmorris@namei.org>
--
James Morris
<jmorris@namei.org>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2008-12-17 7:50 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-12-17 5:13 [PATCH 13/15] make sure that filterkey of task,always rules is reported Al Viro
2008-12-17 7:50 ` James Morris
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox