diff options
Diffstat (limited to 'kernel/audit.c')
| -rw-r--r-- | kernel/audit.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 7c2893602d06..223cb746f141 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
| @@ -1076,10 +1076,20 @@ static void audit_receive(struct sk_buff *skb) | |||
| 1076 | mutex_unlock(&audit_cmd_mutex); | 1076 | mutex_unlock(&audit_cmd_mutex); |
| 1077 | } | 1077 | } |
| 1078 | 1078 | ||
| 1079 | /* Run custom bind function on netlink socket group connect or bind requests. */ | ||
| 1080 | static int audit_bind(int group) | ||
| 1081 | { | ||
| 1082 | if (!capable(CAP_AUDIT_READ)) | ||
| 1083 | return -EPERM; | ||
| 1084 | |||
| 1085 | return 0; | ||
| 1086 | } | ||
| 1087 | |||
| 1079 | static int __net_init audit_net_init(struct net *net) | 1088 | static int __net_init audit_net_init(struct net *net) |
| 1080 | { | 1089 | { |
| 1081 | struct netlink_kernel_cfg cfg = { | 1090 | struct netlink_kernel_cfg cfg = { |
| 1082 | .input = audit_receive, | 1091 | .input = audit_receive, |
| 1092 | .bind = audit_bind, | ||
| 1083 | }; | 1093 | }; |
| 1084 | 1094 | ||
| 1085 | struct audit_net *aunet = net_generic(net, audit_net_id); | 1095 | struct audit_net *aunet = net_generic(net, audit_net_id); |