diff options
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/audit.h | 1 | ||||
| -rw-r--r-- | kernel/auditsc.c | 12 |
2 files changed, 10 insertions, 3 deletions
diff --git a/kernel/audit.h b/kernel/audit.h index 1c95131ef760..123c9b7c3979 100644 --- a/kernel/audit.h +++ b/kernel/audit.h | |||
| @@ -85,6 +85,7 @@ struct audit_names { | |||
| 85 | 85 | ||
| 86 | struct filename *name; | 86 | struct filename *name; |
| 87 | int name_len; /* number of chars to log */ | 87 | int name_len; /* number of chars to log */ |
| 88 | bool hidden; /* don't log this record */ | ||
| 88 | bool name_put; /* call __putname()? */ | 89 | bool name_put; /* call __putname()? */ |
| 89 | 90 | ||
| 90 | unsigned long ino; | 91 | unsigned long ino; |
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 3c8a601324a2..9845cb32b60a 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -1399,8 +1399,11 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts | |||
| 1399 | } | 1399 | } |
| 1400 | 1400 | ||
| 1401 | i = 0; | 1401 | i = 0; |
| 1402 | list_for_each_entry(n, &context->names_list, list) | 1402 | list_for_each_entry(n, &context->names_list, list) { |
| 1403 | if (n->hidden) | ||
| 1404 | continue; | ||
| 1403 | audit_log_name(context, n, NULL, i++, &call_panic); | 1405 | audit_log_name(context, n, NULL, i++, &call_panic); |
| 1406 | } | ||
| 1404 | 1407 | ||
| 1405 | /* Send end of event record to help user space know we are finished */ | 1408 | /* Send end of event record to help user space know we are finished */ |
| 1406 | ab = audit_log_start(context, GFP_KERNEL, AUDIT_EOE); | 1409 | ab = audit_log_start(context, GFP_KERNEL, AUDIT_EOE); |
| @@ -1769,14 +1772,15 @@ void audit_putname(struct filename *name) | |||
| 1769 | * __audit_inode - store the inode and device from a lookup | 1772 | * __audit_inode - store the inode and device from a lookup |
| 1770 | * @name: name being audited | 1773 | * @name: name being audited |
| 1771 | * @dentry: dentry being audited | 1774 | * @dentry: dentry being audited |
| 1772 | * @parent: does this dentry represent the parent? | 1775 | * @flags: attributes for this particular entry |
| 1773 | */ | 1776 | */ |
| 1774 | void __audit_inode(struct filename *name, const struct dentry *dentry, | 1777 | void __audit_inode(struct filename *name, const struct dentry *dentry, |
| 1775 | unsigned int parent) | 1778 | unsigned int flags) |
| 1776 | { | 1779 | { |
| 1777 | struct audit_context *context = current->audit_context; | 1780 | struct audit_context *context = current->audit_context; |
| 1778 | const struct inode *inode = dentry->d_inode; | 1781 | const struct inode *inode = dentry->d_inode; |
| 1779 | struct audit_names *n; | 1782 | struct audit_names *n; |
| 1783 | bool parent = flags & AUDIT_INODE_PARENT; | ||
| 1780 | 1784 | ||
| 1781 | if (!context->in_syscall) | 1785 | if (!context->in_syscall) |
| 1782 | return; | 1786 | return; |
| @@ -1831,6 +1835,8 @@ out: | |||
| 1831 | if (parent) { | 1835 | if (parent) { |
| 1832 | n->name_len = n->name ? parent_len(n->name->name) : AUDIT_NAME_FULL; | 1836 | n->name_len = n->name ? parent_len(n->name->name) : AUDIT_NAME_FULL; |
| 1833 | n->type = AUDIT_TYPE_PARENT; | 1837 | n->type = AUDIT_TYPE_PARENT; |
| 1838 | if (flags & AUDIT_INODE_HIDDEN) | ||
| 1839 | n->hidden = true; | ||
| 1834 | } else { | 1840 | } else { |
| 1835 | n->name_len = AUDIT_NAME_FULL; | 1841 | n->name_len = AUDIT_NAME_FULL; |
| 1836 | n->type = AUDIT_TYPE_NORMAL; | 1842 | n->type = AUDIT_TYPE_NORMAL; |