aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/audit.c
diff options
context:
space:
mode:
Diffstat (limited to 'kernel/audit.c')
-rw-r--r--kernel/audit.c36
1 files changed, 20 insertions, 16 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index ef35166fdc29..f0bbfe073136 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -107,13 +107,6 @@ static struct sk_buff_head audit_skb_queue;
107static struct task_struct *kauditd_task; 107static struct task_struct *kauditd_task;
108static DECLARE_WAIT_QUEUE_HEAD(kauditd_wait); 108static DECLARE_WAIT_QUEUE_HEAD(kauditd_wait);
109 109
110/* There are three lists of rules -- one to search at task creation
111 * time, one to search at syscall entry time, and another to search at
112 * syscall exit time. */
113static LIST_HEAD(audit_tsklist);
114static LIST_HEAD(audit_entlist);
115static LIST_HEAD(audit_extlist);
116
117/* The netlink socket is only to be read by 1 CPU, which lets us assume 110/* The netlink socket is only to be read by 1 CPU, which lets us assume
118 * that list additions and deletions never happen simultaneously in 111 * that list additions and deletions never happen simultaneously in
119 * auditsc.c */ 112 * auditsc.c */
@@ -376,6 +369,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
376 u16 msg_type = nlh->nlmsg_type; 369 u16 msg_type = nlh->nlmsg_type;
377 uid_t loginuid; /* loginuid of sender */ 370 uid_t loginuid; /* loginuid of sender */
378 struct audit_sig_info sig_data; 371 struct audit_sig_info sig_data;
372 struct task_struct *tsk;
379 373
380 err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type); 374 err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type);
381 if (err) 375 if (err)
@@ -435,15 +429,25 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
435 break; 429 break;
436 case AUDIT_USER: 430 case AUDIT_USER:
437 case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: 431 case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
438 ab = audit_log_start(NULL, msg_type); 432 read_lock(&tasklist_lock);
439 if (!ab) 433 tsk = find_task_by_pid(pid);
440 break; /* audit_panic has been called */ 434 if (tsk)
441 audit_log_format(ab, 435 get_task_struct(tsk);
442 "user pid=%d uid=%u auid=%u" 436 read_unlock(&tasklist_lock);
443 " msg='%.1024s'", 437 if (!tsk)
444 pid, uid, loginuid, (char *)data); 438 return -ESRCH;
445 audit_set_pid(ab, pid); 439
446 audit_log_end(ab); 440 if (audit_filter_user(tsk, msg_type)) {
441 ab = audit_log_start(NULL, msg_type);
442 if (ab) {
443 audit_log_format(ab,
444 "user pid=%d uid=%u auid=%u msg='%.1024s'",
445 pid, uid, loginuid, (char *)data);
446 audit_set_pid(ab, pid);
447 audit_log_end(ab);
448 }
449 }
450 put_task_struct(tsk);
447 break; 451 break;
448 case AUDIT_ADD: 452 case AUDIT_ADD:
449 case AUDIT_DEL: 453 case AUDIT_DEL: