diff options
| author | Richard Guy Briggs <rgb@redhat.com> | 2013-12-11 13:52:26 -0500 |
|---|---|---|
| committer | Eric Paris <eparis@redhat.com> | 2014-03-20 10:11:55 -0400 |
| commit | f1dc4867ff41b7bcca57fa19449d1fe7ad517ac1 (patch) | |
| tree | 873f8e7625dc54ae20a0cc2513fb6a33027f36d7 /kernel/auditfilter.c | |
| parent | c92cdeb45eea38515e82187f48c2e4f435fb4e25 (diff) | |
audit: anchor all pid references in the initial pid namespace
Store and log all PIDs with reference to the initial PID namespace and
use the access functions task_pid_nr() and task_tgid_nr() for task->pid
and task->tgid.
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
(informed by ebiederman's c776b5d2)
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Diffstat (limited to 'kernel/auditfilter.c')
| -rw-r--r-- | kernel/auditfilter.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 549bbb6e6597..96c8a704f130 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
| @@ -433,6 +433,19 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, | |||
| 433 | f->val = 0; | 433 | f->val = 0; |
| 434 | } | 434 | } |
| 435 | 435 | ||
| 436 | if ((f->type == AUDIT_PID) || (f->type == AUDIT_PPID)) { | ||
| 437 | struct pid *pid; | ||
| 438 | rcu_read_lock(); | ||
| 439 | pid = find_vpid(f->val); | ||
| 440 | if (!pid) { | ||
| 441 | rcu_read_unlock(); | ||
| 442 | err = -ESRCH; | ||
| 443 | goto exit_free; | ||
| 444 | } | ||
| 445 | f->val = pid_nr(pid); | ||
| 446 | rcu_read_unlock(); | ||
| 447 | } | ||
| 448 | |||
| 436 | err = audit_field_valid(entry, f); | 449 | err = audit_field_valid(entry, f); |
| 437 | if (err) | 450 | if (err) |
| 438 | goto exit_free; | 451 | goto exit_free; |
| @@ -1242,12 +1255,14 @@ static int audit_filter_user_rules(struct audit_krule *rule, int type, | |||
| 1242 | 1255 | ||
| 1243 | for (i = 0; i < rule->field_count; i++) { | 1256 | for (i = 0; i < rule->field_count; i++) { |
| 1244 | struct audit_field *f = &rule->fields[i]; | 1257 | struct audit_field *f = &rule->fields[i]; |
| 1258 | pid_t pid; | ||
| 1245 | int result = 0; | 1259 | int result = 0; |
| 1246 | u32 sid; | 1260 | u32 sid; |
| 1247 | 1261 | ||
| 1248 | switch (f->type) { | 1262 | switch (f->type) { |
| 1249 | case AUDIT_PID: | 1263 | case AUDIT_PID: |
| 1250 | result = audit_comparator(task_pid_vnr(current), f->op, f->val); | 1264 | pid = task_pid_nr(current); |
| 1265 | result = audit_comparator(pid, f->op, f->val); | ||
| 1251 | break; | 1266 | break; |
| 1252 | case AUDIT_UID: | 1267 | case AUDIT_UID: |
| 1253 | result = audit_uid_comparator(current_uid(), f->op, f->uid); | 1268 | result = audit_uid_comparator(current_uid(), f->op, f->uid); |