aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorDavid Woodhouse <dwmw2@shinybook.infradead.org>2005-06-20 11:07:33 -0400
committerDavid Woodhouse <dwmw2@shinybook.infradead.org>2005-06-20 11:07:33 -0400
commitf7056d64ae101d910f965a2e39831f635ef7891b (patch)
tree854070383dca5ba3e865c663485a5d97adbbcf54 /kernel
parentd6e0e1585a1a9a15e48ec47206a809828afe4450 (diff)
AUDIT: Really exempt auditd from having its actions audited.
We were only avoiding it on syscall exit before; now stop _everything_. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/auditsc.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 6b4fbb1c0129..48a39579c45c 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -477,6 +477,9 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
477 int word = AUDIT_WORD(ctx->major); 477 int word = AUDIT_WORD(ctx->major);
478 int bit = AUDIT_BIT(ctx->major); 478 int bit = AUDIT_BIT(ctx->major);
479 479
480 if (audit_pid && ctx->pid == audit_pid)
481 return AUDIT_DISABLED;
482
480 rcu_read_lock(); 483 rcu_read_lock();
481 list_for_each_entry_rcu(e, list, list) { 484 list_for_each_entry_rcu(e, list, list) {
482 if ((e->rule.mask[word] & bit) == bit 485 if ((e->rule.mask[word] & bit) == bit
@@ -494,6 +497,9 @@ int audit_filter_user(struct task_struct *tsk, int type)
494 struct audit_entry *e; 497 struct audit_entry *e;
495 enum audit_state state; 498 enum audit_state state;
496 499
500 if (audit_pid && tsk->pid == audit_pid)
501 return AUDIT_DISABLED;
502
497 rcu_read_lock(); 503 rcu_read_lock();
498 list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) { 504 list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) {
499 if (audit_filter_rules(tsk, &e->rule, NULL, &state)) { 505 if (audit_filter_rules(tsk, &e->rule, NULL, &state)) {
@@ -816,7 +822,7 @@ void audit_free(struct task_struct *tsk)
816 822
817 /* Check for system calls that do not go through the exit 823 /* Check for system calls that do not go through the exit
818 * function (e.g., exit_group), then free context block. */ 824 * function (e.g., exit_group), then free context block. */
819 if (context->in_syscall && context->auditable && context->pid != audit_pid) 825 if (context->in_syscall && context->auditable)
820 audit_log_exit(context); 826 audit_log_exit(context);
821 827
822 audit_free_context(context); 828 audit_free_context(context);
@@ -921,7 +927,7 @@ void audit_syscall_exit(struct task_struct *tsk, int valid, long return_code)
921 if (likely(!context)) 927 if (likely(!context))
922 return; 928 return;
923 929
924 if (context->in_syscall && context->auditable && context->pid != audit_pid) 930 if (context->in_syscall && context->auditable)
925 audit_log_exit(context); 931 audit_log_exit(context);
926 932
927 context->in_syscall = 0; 933 context->in_syscall = 0;