diff options
| author | Amy Griffis <amy.griffis@hp.com> | 2006-07-13 13:16:39 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2006-08-03 10:50:30 -0400 |
| commit | 73d3ec5abad3f1730ac8530899d2c14d92f3ad63 (patch) | |
| tree | c2829a1e36ca155eecc7d4b8648fe9755247bec5 /kernel | |
| parent | 3e2efce067cec0099f99ae59f28feda99b02b498 (diff) | |
[PATCH] fix missed create event for directory audit
When an object is created via a symlink into an audited directory, audit misses
the event due to not having collected the inode data for the directory. Modify
__audit_inode_child() to copy the parent inode data if a parent wasn't found in
audit_names[].
Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/auditsc.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b939ed2da3ee..b1356fc63b26 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -1251,7 +1251,7 @@ void __audit_inode(const char *name, const struct inode *inode) | |||
| 1251 | * audit_inode_child - collect inode info for created/removed objects | 1251 | * audit_inode_child - collect inode info for created/removed objects |
| 1252 | * @dname: inode's dentry name | 1252 | * @dname: inode's dentry name |
| 1253 | * @inode: inode being audited | 1253 | * @inode: inode being audited |
| 1254 | * @pino: inode number of dentry parent | 1254 | * @parent: inode of dentry parent |
| 1255 | * | 1255 | * |
| 1256 | * For syscalls that create or remove filesystem objects, audit_inode | 1256 | * For syscalls that create or remove filesystem objects, audit_inode |
| 1257 | * can only collect information for the filesystem object's parent. | 1257 | * can only collect information for the filesystem object's parent. |
| @@ -1262,7 +1262,7 @@ void __audit_inode(const char *name, const struct inode *inode) | |||
| 1262 | * unsuccessful attempts. | 1262 | * unsuccessful attempts. |
| 1263 | */ | 1263 | */ |
| 1264 | void __audit_inode_child(const char *dname, const struct inode *inode, | 1264 | void __audit_inode_child(const char *dname, const struct inode *inode, |
| 1265 | unsigned long pino) | 1265 | const struct inode *parent) |
| 1266 | { | 1266 | { |
| 1267 | int idx; | 1267 | int idx; |
| 1268 | struct audit_context *context = current->audit_context; | 1268 | struct audit_context *context = current->audit_context; |
| @@ -1276,7 +1276,7 @@ void __audit_inode_child(const char *dname, const struct inode *inode, | |||
| 1276 | if (!dname) | 1276 | if (!dname) |
| 1277 | goto update_context; | 1277 | goto update_context; |
| 1278 | for (idx = 0; idx < context->name_count; idx++) | 1278 | for (idx = 0; idx < context->name_count; idx++) |
| 1279 | if (context->names[idx].ino == pino) { | 1279 | if (context->names[idx].ino == parent->i_ino) { |
| 1280 | const char *name = context->names[idx].name; | 1280 | const char *name = context->names[idx].name; |
| 1281 | 1281 | ||
| 1282 | if (!name) | 1282 | if (!name) |
| @@ -1304,6 +1304,16 @@ update_context: | |||
| 1304 | context->names[idx].ino = (unsigned long)-1; | 1304 | context->names[idx].ino = (unsigned long)-1; |
| 1305 | else | 1305 | else |
| 1306 | audit_copy_inode(&context->names[idx], inode); | 1306 | audit_copy_inode(&context->names[idx], inode); |
| 1307 | |||
| 1308 | /* A parent was not found in audit_names, so copy the inode data for the | ||
| 1309 | * provided parent. */ | ||
| 1310 | if (!found_name) { | ||
| 1311 | idx = context->name_count++; | ||
| 1312 | #if AUDIT_DEBUG | ||
| 1313 | context->ino_count++; | ||
| 1314 | #endif | ||
| 1315 | audit_copy_inode(&context->names[idx], parent); | ||
| 1316 | } | ||
| 1307 | } | 1317 | } |
| 1308 | 1318 | ||
| 1309 | /** | 1319 | /** |