diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2005-05-20 19:15:52 -0400 |
|---|---|---|
| committer | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-05-20 19:15:52 -0400 |
| commit | 011161051bbc25f7f8b7df059dbd934c534443f0 (patch) | |
| tree | f1ca3727e4130cacad86dfdae65e7533fcb67784 /security | |
| parent | fb19b4c6aa024837a0071f07baa07dbf49d07151 (diff) | |
AUDIT: Avoid sleeping function in SElinux AVC audit.
This patch changes the SELinux AVC to defer logging of paths to the audit
framework upon syscall exit, by saving a reference to the (dentry,vfsmount)
pair in an auxiliary audit item on the current audit context for processing
by audit_log_exit.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/avc.c | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 62b963aca275..0fbc3e98c5ea 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c | |||
| @@ -573,13 +573,10 @@ void avc_audit(u32 ssid, u32 tsid, | |||
| 573 | case AVC_AUDIT_DATA_FS: | 573 | case AVC_AUDIT_DATA_FS: |
| 574 | if (a->u.fs.dentry) { | 574 | if (a->u.fs.dentry) { |
| 575 | struct dentry *dentry = a->u.fs.dentry; | 575 | struct dentry *dentry = a->u.fs.dentry; |
| 576 | if (a->u.fs.mnt) { | 576 | if (a->u.fs.mnt) |
| 577 | audit_log_d_path(ab, "path=", dentry, | 577 | audit_avc_path(dentry, a->u.fs.mnt); |
| 578 | a->u.fs.mnt); | 578 | audit_log_format(ab, " name=%s", |
| 579 | } else { | 579 | dentry->d_name.name); |
| 580 | audit_log_format(ab, " name=%s", | ||
| 581 | dentry->d_name.name); | ||
| 582 | } | ||
| 583 | inode = dentry->d_inode; | 580 | inode = dentry->d_inode; |
| 584 | } else if (a->u.fs.inode) { | 581 | } else if (a->u.fs.inode) { |
| 585 | struct dentry *dentry; | 582 | struct dentry *dentry; |
| @@ -630,8 +627,10 @@ void avc_audit(u32 ssid, u32 tsid, | |||
| 630 | case AF_UNIX: | 627 | case AF_UNIX: |
| 631 | u = unix_sk(sk); | 628 | u = unix_sk(sk); |
| 632 | if (u->dentry) { | 629 | if (u->dentry) { |
| 633 | audit_log_d_path(ab, "path=", | 630 | audit_avc_path(u->dentry, u->mnt); |
| 634 | u->dentry, u->mnt); | 631 | audit_log_format(ab, " name=%s", |
| 632 | u->dentry->d_name.name); | ||
| 633 | |||
| 635 | break; | 634 | break; |
| 636 | } | 635 | } |
| 637 | if (!u->addr) | 636 | if (!u->addr) |