diff options
Diffstat (limited to 'security/apparmor/file.c')
| -rw-r--r-- | security/apparmor/file.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/security/apparmor/file.c b/security/apparmor/file.c index cf19d4093ca4..cd21ec5b90af 100644 --- a/security/apparmor/file.c +++ b/security/apparmor/file.c | |||
| @@ -65,7 +65,7 @@ static void audit_file_mask(struct audit_buffer *ab, u32 mask) | |||
| 65 | static void file_audit_cb(struct audit_buffer *ab, void *va) | 65 | static void file_audit_cb(struct audit_buffer *ab, void *va) |
| 66 | { | 66 | { |
| 67 | struct common_audit_data *sa = va; | 67 | struct common_audit_data *sa = va; |
| 68 | uid_t fsuid = current_fsuid(); | 68 | kuid_t fsuid = current_fsuid(); |
| 69 | 69 | ||
| 70 | if (sa->aad->fs.request & AA_AUDIT_FILE_MASK) { | 70 | if (sa->aad->fs.request & AA_AUDIT_FILE_MASK) { |
| 71 | audit_log_format(ab, " requested_mask="); | 71 | audit_log_format(ab, " requested_mask="); |
| @@ -76,8 +76,10 @@ static void file_audit_cb(struct audit_buffer *ab, void *va) | |||
| 76 | audit_file_mask(ab, sa->aad->fs.denied); | 76 | audit_file_mask(ab, sa->aad->fs.denied); |
| 77 | } | 77 | } |
| 78 | if (sa->aad->fs.request & AA_AUDIT_FILE_MASK) { | 78 | if (sa->aad->fs.request & AA_AUDIT_FILE_MASK) { |
| 79 | audit_log_format(ab, " fsuid=%d", fsuid); | 79 | audit_log_format(ab, " fsuid=%d", |
| 80 | audit_log_format(ab, " ouid=%d", sa->aad->fs.ouid); | 80 | from_kuid(&init_user_ns, fsuid)); |
| 81 | audit_log_format(ab, " ouid=%d", | ||
| 82 | from_kuid(&init_user_ns, sa->aad->fs.ouid)); | ||
| 81 | } | 83 | } |
| 82 | 84 | ||
| 83 | if (sa->aad->fs.target) { | 85 | if (sa->aad->fs.target) { |
| @@ -103,7 +105,7 @@ static void file_audit_cb(struct audit_buffer *ab, void *va) | |||
| 103 | */ | 105 | */ |
| 104 | int aa_audit_file(struct aa_profile *profile, struct file_perms *perms, | 106 | int aa_audit_file(struct aa_profile *profile, struct file_perms *perms, |
| 105 | gfp_t gfp, int op, u32 request, const char *name, | 107 | gfp_t gfp, int op, u32 request, const char *name, |
| 106 | const char *target, uid_t ouid, const char *info, int error) | 108 | const char *target, kuid_t ouid, const char *info, int error) |
| 107 | { | 109 | { |
| 108 | int type = AUDIT_APPARMOR_AUTO; | 110 | int type = AUDIT_APPARMOR_AUTO; |
| 109 | struct common_audit_data sa; | 111 | struct common_audit_data sa; |
| @@ -201,7 +203,7 @@ static struct file_perms compute_perms(struct aa_dfa *dfa, unsigned int state, | |||
| 201 | */ | 203 | */ |
| 202 | perms.kill = 0; | 204 | perms.kill = 0; |
| 203 | 205 | ||
| 204 | if (current_fsuid() == cond->uid) { | 206 | if (uid_eq(current_fsuid(), cond->uid)) { |
| 205 | perms.allow = map_old_perms(dfa_user_allow(dfa, state)); | 207 | perms.allow = map_old_perms(dfa_user_allow(dfa, state)); |
| 206 | perms.audit = map_old_perms(dfa_user_audit(dfa, state)); | 208 | perms.audit = map_old_perms(dfa_user_audit(dfa, state)); |
| 207 | perms.quiet = map_old_perms(dfa_user_quiet(dfa, state)); | 209 | perms.quiet = map_old_perms(dfa_user_quiet(dfa, state)); |