diff options
author | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-06-20 11:07:33 -0400 |
---|---|---|
committer | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-06-20 11:07:33 -0400 |
commit | f7056d64ae101d910f965a2e39831f635ef7891b (patch) | |
tree | 854070383dca5ba3e865c663485a5d97adbbcf54 /kernel | |
parent | d6e0e1585a1a9a15e48ec47206a809828afe4450 (diff) |
AUDIT: Really exempt auditd from having its actions audited.
We were only avoiding it on syscall exit before; now stop _everything_.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/auditsc.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 6b4fbb1c0129..48a39579c45c 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
@@ -477,6 +477,9 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, | |||
477 | int word = AUDIT_WORD(ctx->major); | 477 | int word = AUDIT_WORD(ctx->major); |
478 | int bit = AUDIT_BIT(ctx->major); | 478 | int bit = AUDIT_BIT(ctx->major); |
479 | 479 | ||
480 | if (audit_pid && ctx->pid == audit_pid) | ||
481 | return AUDIT_DISABLED; | ||
482 | |||
480 | rcu_read_lock(); | 483 | rcu_read_lock(); |
481 | list_for_each_entry_rcu(e, list, list) { | 484 | list_for_each_entry_rcu(e, list, list) { |
482 | if ((e->rule.mask[word] & bit) == bit | 485 | if ((e->rule.mask[word] & bit) == bit |
@@ -494,6 +497,9 @@ int audit_filter_user(struct task_struct *tsk, int type) | |||
494 | struct audit_entry *e; | 497 | struct audit_entry *e; |
495 | enum audit_state state; | 498 | enum audit_state state; |
496 | 499 | ||
500 | if (audit_pid && tsk->pid == audit_pid) | ||
501 | return AUDIT_DISABLED; | ||
502 | |||
497 | rcu_read_lock(); | 503 | rcu_read_lock(); |
498 | list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) { | 504 | list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) { |
499 | if (audit_filter_rules(tsk, &e->rule, NULL, &state)) { | 505 | if (audit_filter_rules(tsk, &e->rule, NULL, &state)) { |
@@ -816,7 +822,7 @@ void audit_free(struct task_struct *tsk) | |||
816 | 822 | ||
817 | /* Check for system calls that do not go through the exit | 823 | /* Check for system calls that do not go through the exit |
818 | * function (e.g., exit_group), then free context block. */ | 824 | * function (e.g., exit_group), then free context block. */ |
819 | if (context->in_syscall && context->auditable && context->pid != audit_pid) | 825 | if (context->in_syscall && context->auditable) |
820 | audit_log_exit(context); | 826 | audit_log_exit(context); |
821 | 827 | ||
822 | audit_free_context(context); | 828 | audit_free_context(context); |
@@ -921,7 +927,7 @@ void audit_syscall_exit(struct task_struct *tsk, int valid, long return_code) | |||
921 | if (likely(!context)) | 927 | if (likely(!context)) |
922 | return; | 928 | return; |
923 | 929 | ||
924 | if (context->in_syscall && context->auditable && context->pid != audit_pid) | 930 | if (context->in_syscall && context->auditable) |
925 | audit_log_exit(context); | 931 | audit_log_exit(context); |
926 | 932 | ||
927 | context->in_syscall = 0; | 933 | context->in_syscall = 0; |