diff options
| -rw-r--r-- | kernel/audit.c | 39 |
1 files changed, 22 insertions, 17 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 9442c3533ba9..f7ab4a479cdd 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
| @@ -375,6 +375,25 @@ static void audit_hold_skb(struct sk_buff *skb) | |||
| 375 | kfree_skb(skb); | 375 | kfree_skb(skb); |
| 376 | } | 376 | } |
| 377 | 377 | ||
| 378 | /* | ||
| 379 | * For one reason or another this nlh isn't getting delivered to the userspace | ||
| 380 | * audit daemon, just send it to printk. | ||
| 381 | */ | ||
| 382 | static void audit_printk_skb(struct sk_buff *skb) | ||
| 383 | { | ||
| 384 | struct nlmsghdr *nlh = nlmsg_hdr(skb); | ||
| 385 | char *data = NLMSG_DATA(nlh); | ||
| 386 | |||
| 387 | if (nlh->nlmsg_type != AUDIT_EOE) { | ||
| 388 | if (printk_ratelimit()) | ||
| 389 | printk(KERN_NOTICE "type=%d %s\n", nlh->nlmsg_type, data); | ||
| 390 | else | ||
| 391 | audit_log_lost("printk limit exceeded\n"); | ||
| 392 | } | ||
| 393 | |||
| 394 | audit_hold_skb(skb); | ||
| 395 | } | ||
| 396 | |||
| 378 | static void kauditd_send_skb(struct sk_buff *skb) | 397 | static void kauditd_send_skb(struct sk_buff *skb) |
| 379 | { | 398 | { |
| 380 | int err; | 399 | int err; |
| @@ -427,14 +446,8 @@ static int kauditd_thread(void *dummy) | |||
| 427 | if (skb) { | 446 | if (skb) { |
| 428 | if (audit_pid) | 447 | if (audit_pid) |
| 429 | kauditd_send_skb(skb); | 448 | kauditd_send_skb(skb); |
| 430 | else { | 449 | else |
| 431 | if (printk_ratelimit()) | 450 | audit_printk_skb(skb); |
| 432 | printk(KERN_NOTICE "%s\n", skb->data + NLMSG_SPACE(0)); | ||
| 433 | else | ||
| 434 | audit_log_lost("printk limit exceeded\n"); | ||
| 435 | |||
| 436 | audit_hold_skb(skb); | ||
| 437 | } | ||
| 438 | } else { | 451 | } else { |
| 439 | DECLARE_WAITQUEUE(wait, current); | 452 | DECLARE_WAITQUEUE(wait, current); |
| 440 | set_current_state(TASK_INTERRUPTIBLE); | 453 | set_current_state(TASK_INTERRUPTIBLE); |
| @@ -1475,15 +1488,7 @@ void audit_log_end(struct audit_buffer *ab) | |||
| 1475 | skb_queue_tail(&audit_skb_queue, ab->skb); | 1488 | skb_queue_tail(&audit_skb_queue, ab->skb); |
| 1476 | wake_up_interruptible(&kauditd_wait); | 1489 | wake_up_interruptible(&kauditd_wait); |
| 1477 | } else { | 1490 | } else { |
| 1478 | if (nlh->nlmsg_type != AUDIT_EOE) { | 1491 | audit_printk_skb(ab->skb); |
| 1479 | if (printk_ratelimit()) { | ||
| 1480 | printk(KERN_NOTICE "type=%d %s\n", | ||
| 1481 | nlh->nlmsg_type, | ||
| 1482 | ab->skb->data + NLMSG_SPACE(0)); | ||
| 1483 | } else | ||
| 1484 | audit_log_lost("printk limit exceeded\n"); | ||
| 1485 | } | ||
| 1486 | audit_hold_skb(ab->skb); | ||
| 1487 | } | 1492 | } |
| 1488 | ab->skb = NULL; | 1493 | ab->skb = NULL; |
| 1489 | } | 1494 | } |