author | Richard Guy Briggs <rgb@redhat.com> | 2013-12-11 13:52:26 -0500 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2014-03-20 10:11:55 -0400 |
commit | f1dc4867ff41b7bcca57fa19449d1fe7ad517ac1 (patch) | |
tree | 873f8e7625dc54ae20a0cc2513fb6a33027f36d7 /kernel/auditfilter.c | |
parent | c92cdeb45eea38515e82187f48c2e4f435fb4e25 (diff) |
audit: anchor all pid references in the initial pid namespace
Store and log all PIDs with reference to the initial PID namespace and
use the access functions task_pid_nr() and task_tgid_nr() for task->pid
and task->tgid.
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
(informed by ebiederman's c776b5d2)
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Diffstat (limited to 'kernel/auditfilter.c')
-rw-r--r-- | kernel/auditfilter.c | 17 |
1 files changed, 16 insertions, 1 deletions
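--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -433,6 +433,19 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
 f->val = 0;
 }
 
+if ((f->type == AUDIT_PID) || (f->type == AUDIT_PPID)) {
+struct pid *pid;
+rcu_read_lock();
+pid = find_vpid(f->val);
+if (!pid) {
+rcu_read_unlock();
+err = -ESRCH;
+goto exit_free;
+}
+f->val = pid_nr(pid);
+rcu_read_unlock();
+}
+
 err = audit_field_valid(entry, f);
 if (err)
 goto exit_free;
@@ -1242,12 +1255,14 @@ static int audit_filter_user_rules(struct audit_krule *rule, int type,
 
 for (i = 0; i < rule->field_count; i++) {
 struct audit_field *f = &rule->fields[i];
+pid_t pid;
 int result = 0;
 u32 sid;
 
 switch (f->type) {
 case AUDIT_PID:
-result = audit_comparator(task_pid_vnr(current), f->op, f->val);
+pid = task_pid_nr(current);
+result = audit_comparator(pid, f->op, f->val);
 break;
 case AUDIT_UID:
 result = audit_uid_comparator(current_uid(), f->op, f->uid);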
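Review bot: The translation block added to audit_data_to_entry turns a previously accepted rule into an -ESRCH failure whenever the AUDIT_PID/AUDIT_PPID value has no live task in the loader's pid namespace at rule-load time, a behaviour change the commit message does not mention and that deserves a comment at the `find_vpid()` call, e.g. `/* rule pids are resolved to init_pid_ns at load time; a pid with no live task is rejected */`. The resolved value is only as stable as the target task: once it exits, the stored init-namespace pid can be reused by another task and the rule then matches that one instead, so the comment should say the rule is pinned to a pid number, not to the task. f->val is handed to find_vpid(), which takes an int; if f->val is an unsigned 32-bit field (its declaration is not in this hunk, so confirm), values above INT_MAX become negative and simply fail the lookup, which is safe but worth stating next to the check. Both enclosing functions, audit_data_to_entry and audit_filter_user_rules, begin and end outside their hunks.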