diff options
| author | Kees Cook <keescook@chromium.org> | 2012-07-25 20:29:08 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2012-07-29 13:43:08 -0400 |
| commit | a51d9eaa41866ab6b4b6ecad7b621f8b66ece0dc (patch) | |
| tree | f8ab532f946ec7f9ccdabb6a394d952981084122 /fs | |
| parent | 800179c9b8a1e796e441674776d11cd4c05d61d7 (diff) | |
fs: add link restriction audit reporting
Adds audit messages for unexpected link restriction violations so that
system owners will have some sort of potentially actionable information
about misbehaving processes.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/namei.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/namei.c b/fs/namei.c index 3861d85f8488..618d3531cf9f 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
| @@ -692,6 +692,7 @@ static inline int may_follow_link(struct path *link, struct nameidata *nd) | |||
| 692 | 692 | ||
| 693 | path_put_conditional(link, nd); | 693 | path_put_conditional(link, nd); |
| 694 | path_put(&nd->path); | 694 | path_put(&nd->path); |
| 695 | audit_log_link_denied("follow_link", link); | ||
| 695 | return -EACCES; | 696 | return -EACCES; |
| 696 | } | 697 | } |
| 697 | 698 | ||
| @@ -760,6 +761,7 @@ static int may_linkat(struct path *link) | |||
| 760 | capable(CAP_FOWNER)) | 761 | capable(CAP_FOWNER)) |
| 761 | return 0; | 762 | return 0; |
| 762 | 763 | ||
| 764 | audit_log_link_denied("linkat", link); | ||
| 763 | return -EPERM; | 765 | return -EPERM; |
| 764 | } | 766 | } |
| 765 | 767 | ||