diff options
author | Eric Paris <eparis@redhat.com> | 2009-09-23 13:46:00 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2009-09-24 03:50:26 -0400 |
commit | 939cbf260c1abce6cad4b95ea4ba9f5132b660b3 (patch) | |
tree | 598b4ec56e0bef7d76a8a32136c24348d387756d | |
parent | 44e51a1b7852bd421ff5303c64dcc5c8524c21ef (diff) |
Audit: send signal info if selinux is disabled
Audit will not respond to signal requests if selinux is disabled since it is
unable to translate the 0 sid from the sending process to a context. This
patch just doesn't send the context info if there isn't any.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | kernel/audit.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index defc2e6f1e3b..5feed232be9d 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
@@ -855,18 +855,24 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
855 | break; | 855 | break; |
856 | } | 856 | } |
857 | case AUDIT_SIGNAL_INFO: | 857 | case AUDIT_SIGNAL_INFO: |
858 | err = security_secid_to_secctx(audit_sig_sid, &ctx, &len); | 858 | len = 0; |
859 | if (err) | 859 | if (audit_sig_sid) { |
860 | return err; | 860 | err = security_secid_to_secctx(audit_sig_sid, &ctx, &len); |
861 | if (err) | ||
862 | return err; | ||
863 | } | ||
861 | sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); | 864 | sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); |
862 | if (!sig_data) { | 865 | if (!sig_data) { |
863 | security_release_secctx(ctx, len); | 866 | if (audit_sig_sid) |
867 | security_release_secctx(ctx, len); | ||
864 | return -ENOMEM; | 868 | return -ENOMEM; |
865 | } | 869 | } |
866 | sig_data->uid = audit_sig_uid; | 870 | sig_data->uid = audit_sig_uid; |
867 | sig_data->pid = audit_sig_pid; | 871 | sig_data->pid = audit_sig_pid; |
868 | memcpy(sig_data->ctx, ctx, len); | 872 | if (audit_sig_sid) { |
869 | security_release_secctx(ctx, len); | 873 | memcpy(sig_data->ctx, ctx, len); |
874 | security_release_secctx(ctx, len); | ||
875 | } | ||
870 | audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_SIGNAL_INFO, | 876 | audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_SIGNAL_INFO, |
871 | 0, 0, sig_data, sizeof(*sig_data) + len); | 877 | 0, 0, sig_data, sizeof(*sig_data) + len); |
872 | kfree(sig_data); | 878 | kfree(sig_data); |