diff options
author | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-05-19 06:18:24 -0400 |
---|---|---|
committer | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-05-19 06:18:24 -0400 |
commit | cd77b8212d5473b800ac865364981d334ff564ea (patch) | |
tree | 334f44b05fc02039d67de5f9bfc26765e754b727 /security | |
parent | b7d1125817c9a46cc46f57db89d9c195e7af22f8 (diff) |
Restore logging of pid= and comm= in AVC audit messages
We turned this all off because the 'exe=' was causing deadlocks on
dcache_lock. There's no need to leave the pid and comm out though.
They'll all be logged correctly if full auditing is enabled, but we
should still print them in case auditing _isn't_ enabled.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/avc.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 042f91e9f9d2..62b963aca275 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c | |||
@@ -532,6 +532,7 @@ void avc_audit(u32 ssid, u32 tsid, | |||
532 | u16 tclass, u32 requested, | 532 | u16 tclass, u32 requested, |
533 | struct av_decision *avd, int result, struct avc_audit_data *a) | 533 | struct av_decision *avd, int result, struct avc_audit_data *a) |
534 | { | 534 | { |
535 | struct task_struct *tsk = current; | ||
535 | struct inode *inode = NULL; | 536 | struct inode *inode = NULL; |
536 | u32 denied, audited; | 537 | u32 denied, audited; |
537 | struct audit_buffer *ab; | 538 | struct audit_buffer *ab; |
@@ -555,6 +556,12 @@ void avc_audit(u32 ssid, u32 tsid, | |||
555 | audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted"); | 556 | audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted"); |
556 | avc_dump_av(ab, tclass,audited); | 557 | avc_dump_av(ab, tclass,audited); |
557 | audit_log_format(ab, " for "); | 558 | audit_log_format(ab, " for "); |
559 | if (a && a->tsk) | ||
560 | tsk = a->tsk; | ||
561 | if (a->tsk && a->tsk->pid) { | ||
562 | audit_log_format(ab, " pid=%d comm=", tsk->pid); | ||
563 | audit_log_untrustedstring(ab, tsk->comm); | ||
564 | } | ||
558 | if (a) { | 565 | if (a) { |
559 | switch (a->type) { | 566 | switch (a->type) { |
560 | case AVC_AUDIT_DATA_IPC: | 567 | case AVC_AUDIT_DATA_IPC: |