author | Eric W. Biederman <ebiederm@xmission.com> | 2014-02-28 23:36:55 -0500 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2014-03-20 10:11:02 -0400 |
commit | 099dd235113700bbb476e572cd191ddb77b9af46 (patch) | |
tree | 7f8137af9685dbe6c2ddbd686feaf13808ab7d2c /kernel/auditfilter.c | |
parent | 638a0fd2a062568c568661be0a780be8e8836d03 (diff) |
audit: Send replies in the proper network namespace.
In perverse cases of file descriptor passing, the current network
namespace of a process and the network namespace of a socket used by
that process may differ. Therefore use the network namespace of the
appropriate socket to ensure replies always go to the appropriate
socket.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Acked-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel/auditfilter.c')
-rw-r--r-- | kernel/auditfilter.c | 7 |
1 files changed, 5 insertions, 2 deletions
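--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -32,6 +32,7 @@
 #include <linux/slab.h>
 #include <linux/security.h>
 #include <net/net_namespace.h>
+#include <net/sock.h>
 #include "audit.h"
 
 /*
@@ -1071,8 +1072,10 @@ int audit_rule_change(int type, __u32 portid, int seq, void *data,
 * @portid: target portid for netlink audit messages
 * @seq: netlink audit message sequence (serial) number
 */
-int audit_list_rules_send(__u32 portid, int seq)
+int audit_list_rules_send(struct sk_buff *request_skb, int seq)
 {
+u32 portid = NETLINK_CB(request_skb).portid;
+struct net *net = sock_net(NETLINK_CB(request_skb).sk);
 struct task_struct *tsk;
 struct audit_netlink_list *dest;
 int err = 0;
@@ -1086,7 +1089,7 @@ int audit_list_rules_send(__u32 portid, int seq)
 dest = kmalloc(sizeof(struct audit_netlink_list), GFP_KERNEL);
 if (!dest)
 return -ENOMEM;
-dest->net = get_net(current->nsproxy->net_ns);
+dest->net = get_net(net);
 dest->portid = portid;
 skb_queue_head_init(&dest->q);
 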
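Review bot: The kerneldoc above audit_list_rules_send() still documents `@portid`, but the new signature takes `request_skb` and derives the portid locally, so the comment no longer matches the parameter list. Replace that line with something like `* @request_skb: skb of the request being replied to (supplies the reply portid and network namespace)`. A one-line comment beside `sock_net(NETLINK_CB(request_skb).sk)` explaining why the requesting socket's namespace is used instead of `current->nsproxy->net_ns` would help stop a later cleanup from reverting to the task's namespace and misrouting audit replies. The reference taken by `get_net(net)` needs a matching `put_net()` on every exit path. The function body continues past the last hunk, so the failure path after the reply thread is set up is not visible here and is worth checking.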