diff options
| -rw-r--r-- | include/uapi/linux/audit.h | 1 | ||||
| -rw-r--r-- | kernel/audit.c | 16 |
2 files changed, 16 insertions, 1 deletions
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 843540c398eb..d820aa979620 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h | |||
| @@ -110,6 +110,7 @@ | |||
| 110 | #define AUDIT_SECCOMP 1326 /* Secure Computing event */ | 110 | #define AUDIT_SECCOMP 1326 /* Secure Computing event */ |
| 111 | #define AUDIT_PROCTITLE 1327 /* Proctitle emit event */ | 111 | #define AUDIT_PROCTITLE 1327 /* Proctitle emit event */ |
| 112 | #define AUDIT_FEATURE_CHANGE 1328 /* audit log listing feature changes */ | 112 | #define AUDIT_FEATURE_CHANGE 1328 /* audit log listing feature changes */ |
| 113 | #define AUDIT_REPLACE 1329 /* Replace auditd if this packet unanswerd */ | ||
| 113 | 114 | ||
| 114 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ | 115 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ |
| 115 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ | 116 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ |
diff --git a/kernel/audit.c b/kernel/audit.c index d6dd95cc59e6..2fd63d6879c5 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
| @@ -809,6 +809,16 @@ static int audit_set_feature(struct sk_buff *skb) | |||
| 809 | return 0; | 809 | return 0; |
| 810 | } | 810 | } |
| 811 | 811 | ||
| 812 | static int audit_replace(pid_t pid) | ||
| 813 | { | ||
| 814 | struct sk_buff *skb = audit_make_reply(0, 0, AUDIT_REPLACE, 0, 0, | ||
| 815 | &pid, sizeof(pid)); | ||
| 816 | |||
| 817 | if (!skb) | ||
| 818 | return -ENOMEM; | ||
| 819 | return netlink_unicast(audit_sock, skb, audit_nlk_portid, 0); | ||
| 820 | } | ||
| 821 | |||
| 812 | static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | 822 | static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) |
| 813 | { | 823 | { |
| 814 | u32 seq; | 824 | u32 seq; |
| @@ -870,9 +880,13 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 870 | } | 880 | } |
| 871 | if (s.mask & AUDIT_STATUS_PID) { | 881 | if (s.mask & AUDIT_STATUS_PID) { |
| 872 | int new_pid = s.pid; | 882 | int new_pid = s.pid; |
| 883 | pid_t requesting_pid = task_tgid_vnr(current); | ||
| 873 | 884 | ||
| 874 | if ((!new_pid) && (task_tgid_vnr(current) != audit_pid)) | 885 | if ((!new_pid) && (requesting_pid != audit_pid)) |
| 875 | return -EACCES; | 886 | return -EACCES; |
| 887 | if (audit_pid && new_pid && | ||
| 888 | audit_replace(requesting_pid) != -ECONNREFUSED) | ||
| 889 | return -EEXIST; | ||
| 876 | if (audit_enabled != AUDIT_OFF) | 890 | if (audit_enabled != AUDIT_OFF) |
| 877 | audit_log_config_change("audit_pid", new_pid, audit_pid, 1); | 891 | audit_log_config_change("audit_pid", new_pid, audit_pid, 1); |
| 878 | audit_pid = new_pid; | 892 | audit_pid = new_pid; |