audit: anchor all pid references in the initial pid namespace

Store and log all PIDs with reference to the initial PID namespace and
use the access functions task_pid_nr() and task_tgid_nr() for task->pid
and task->tgid.

Cc: "Eric W. Biederman" <ebiederm@xmission.com>
(informed by ebiederman's c776b5d2)
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>

1 files changed, 7 insertions, 4 deletions

diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 9a62045e6282..69fdf3bc765b 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -220,7 +220,7 @@ static void dump_common_audit_data(struct audit_buffer *ab,
          */
         BUILD_BUG_ON(sizeof(a->u) > sizeof(void *)*2);
 
-        audit_log_format(ab, " pid=%d comm=", tsk->pid);
+        audit_log_format(ab, " pid=%d comm=", task_pid_nr(tsk));
         audit_log_untrustedstring(ab, tsk->comm);
 
         switch (a->type) {
@@ -278,9 +278,12 @@ static void dump_common_audit_data(struct audit_buffer *ab,
         }
         case LSM_AUDIT_DATA_TASK:
                 tsk = a->u.tsk;
-                if (tsk && tsk->pid) {
-                        audit_log_format(ab, " pid=%d comm=", tsk->pid);
-                        audit_log_untrustedstring(ab, tsk->comm);
+                if (tsk) {
+                        pid_t pid = task_pid_nr(tsk);
+                        if (pid) {
+                                audit_log_format(ab, " pid=%d comm=", pid);
+                                audit_log_untrustedstring(ab, tsk->comm);
+                        }
                 }
                 break;
         case LSM_AUDIT_DATA_NET: