aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexander Viro <aviro@redhat.com>2006-09-29 00:08:50 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2006-10-04 08:31:19 -0400
commit419c58f11fb732cc8bd1335fa43e0decb34e0be3 (patch)
tree7eb03026bd7e102d235ccc02f81daf1127d93358
parent4b8a311bb161a3bd2ab44311f42c526b6dc76270 (diff)
[PATCH] PPID filtering fix
On Thu, Sep 28, 2006 at 04:03:06PM -0400, Eric Paris wrote: > After some looking I did not see a way to get into audit_log_exit > without having set the ppid. So I am dropping the set from there and > only doing it at the beginning. > > Please comment/ack/nak as soon as possible. Ehh... That's one hell of an overhead to be had ;-/ Let's be lazy. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r--kernel/auditsc.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 105147631753..b61c0191f3da 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -278,8 +278,11 @@ static int audit_filter_rules(struct task_struct *tsk,
278 result = audit_comparator(tsk->pid, f->op, f->val); 278 result = audit_comparator(tsk->pid, f->op, f->val);
279 break; 279 break;
280 case AUDIT_PPID: 280 case AUDIT_PPID:
281 if (ctx) 281 if (ctx) {
282 if (!ctx->ppid)
283 ctx->ppid = sys_getppid();
282 result = audit_comparator(ctx->ppid, f->op, f->val); 284 result = audit_comparator(ctx->ppid, f->op, f->val);
285 }
283 break; 286 break;
284 case AUDIT_UID: 287 case AUDIT_UID:
285 result = audit_comparator(tsk->uid, f->op, f->val); 288 result = audit_comparator(tsk->uid, f->op, f->val);
@@ -795,7 +798,8 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
795 798
796 /* tsk == current */ 799 /* tsk == current */
797 context->pid = tsk->pid; 800 context->pid = tsk->pid;
798 context->ppid = sys_getppid(); /* sic. tsk == current in all cases */ 801 if (!context->ppid)
802 context->ppid = sys_getppid();
799 context->uid = tsk->uid; 803 context->uid = tsk->uid;
800 context->gid = tsk->gid; 804 context->gid = tsk->gid;
801 context->euid = tsk->euid; 805 context->euid = tsk->euid;
@@ -1137,6 +1141,7 @@ void audit_syscall_entry(int arch, int major,
1137 context->ctime = CURRENT_TIME; 1141 context->ctime = CURRENT_TIME;
1138 context->in_syscall = 1; 1142 context->in_syscall = 1;
1139 context->auditable = !!(state == AUDIT_RECORD_CONTEXT); 1143 context->auditable = !!(state == AUDIT_RECORD_CONTEXT);
1144 context->ppid = 0;
1140} 1145}
1141 1146
1142/** 1147/**