diff options
Diffstat (limited to 'kernel/audit.c')
-rw-r--r-- | kernel/audit.c | 36 |
1 files changed, 20 insertions, 16 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index ef35166fdc29..f0bbfe073136 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
@@ -107,13 +107,6 @@ static struct sk_buff_head audit_skb_queue; | |||
107 | static struct task_struct *kauditd_task; | 107 | static struct task_struct *kauditd_task; |
108 | static DECLARE_WAIT_QUEUE_HEAD(kauditd_wait); | 108 | static DECLARE_WAIT_QUEUE_HEAD(kauditd_wait); |
109 | 109 | ||
110 | /* There are three lists of rules -- one to search at task creation | ||
111 | * time, one to search at syscall entry time, and another to search at | ||
112 | * syscall exit time. */ | ||
113 | static LIST_HEAD(audit_tsklist); | ||
114 | static LIST_HEAD(audit_entlist); | ||
115 | static LIST_HEAD(audit_extlist); | ||
116 | |||
117 | /* The netlink socket is only to be read by 1 CPU, which lets us assume | 110 | /* The netlink socket is only to be read by 1 CPU, which lets us assume |
118 | * that list additions and deletions never happen simultaneously in | 111 | * that list additions and deletions never happen simultaneously in |
119 | * auditsc.c */ | 112 | * auditsc.c */ |
@@ -376,6 +369,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
376 | u16 msg_type = nlh->nlmsg_type; | 369 | u16 msg_type = nlh->nlmsg_type; |
377 | uid_t loginuid; /* loginuid of sender */ | 370 | uid_t loginuid; /* loginuid of sender */ |
378 | struct audit_sig_info sig_data; | 371 | struct audit_sig_info sig_data; |
372 | struct task_struct *tsk; | ||
379 | 373 | ||
380 | err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type); | 374 | err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type); |
381 | if (err) | 375 | if (err) |
@@ -435,15 +429,25 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
435 | break; | 429 | break; |
436 | case AUDIT_USER: | 430 | case AUDIT_USER: |
437 | case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: | 431 | case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: |
438 | ab = audit_log_start(NULL, msg_type); | 432 | read_lock(&tasklist_lock); |
439 | if (!ab) | 433 | tsk = find_task_by_pid(pid); |
440 | break; /* audit_panic has been called */ | 434 | if (tsk) |
441 | audit_log_format(ab, | 435 | get_task_struct(tsk); |
442 | "user pid=%d uid=%u auid=%u" | 436 | read_unlock(&tasklist_lock); |
443 | " msg='%.1024s'", | 437 | if (!tsk) |
444 | pid, uid, loginuid, (char *)data); | 438 | return -ESRCH; |
445 | audit_set_pid(ab, pid); | 439 | |
446 | audit_log_end(ab); | 440 | if (audit_filter_user(tsk, msg_type)) { |
441 | ab = audit_log_start(NULL, msg_type); | ||
442 | if (ab) { | ||
443 | audit_log_format(ab, | ||
444 | "user pid=%d uid=%u auid=%u msg='%.1024s'", | ||
445 | pid, uid, loginuid, (char *)data); | ||
446 | audit_set_pid(ab, pid); | ||
447 | audit_log_end(ab); | ||
448 | } | ||
449 | } | ||
450 | put_task_struct(tsk); | ||
447 | break; | 451 | break; |
448 | case AUDIT_ADD: | 452 | case AUDIT_ADD: |
449 | case AUDIT_DEL: | 453 | case AUDIT_DEL: |