From 3e2efce067cec0099f99ae59f28feda99b02b498 Mon Sep 17 00:00:00 2001 From: Amy Griffis Date: Thu, 13 Jul 2006 13:16:02 -0400 Subject: [PATCH] fix faulty inode data collection for open() with O_CREAT When the specified path is an existing file or when it is a symlink, audit collects the wrong inode number, which causes it to miss the open() event. Adding a second hook to the open() path fixes this. Also add audit_copy_inode() to consolidate some code. Signed-off-by: Amy Griffis Signed-off-by: Al Viro --- include/linux/audit.h | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'include/linux/audit.h') diff --git a/include/linux/audit.h b/include/linux/audit.h index b27d7debc5a1..e7e5e5348987 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -328,6 +328,7 @@ extern void audit_putname(const char *name); extern void __audit_inode(const char *name, const struct inode *inode); extern void __audit_inode_child(const char *dname, const struct inode *inode, unsigned long pino); +extern void __audit_inode_update(const struct inode *inode); static inline void audit_getname(const char *name) { if (unlikely(current->audit_context)) @@ -343,6 +344,10 @@ static inline void audit_inode_child(const char *dname, if (unlikely(current->audit_context)) __audit_inode_child(dname, inode, pino); } +static inline void audit_inode_update(const struct inode *inode) { + if (unlikely(current->audit_context)) + __audit_inode_update(inode); +} /* Private API (for audit.c only) */ extern unsigned int audit_serial(void); @@ -414,8 +419,10 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) #define audit_putname(n) do { ; } while (0) #define __audit_inode(n,i) do { ; } while (0) #define __audit_inode_child(d,i,p) do { ; } while (0) +#define __audit_inode_update(i) do { ; } while (0) #define audit_inode(n,i) do { ; } while (0) #define audit_inode_child(d,i,p) do { ; } while (0) +#define audit_inode_update(i) do { ; } while (0) #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) #define audit_get_loginuid(c) ({ -1; }) #define audit_ipc_obj(i) ({ 0; }) -- cgit v1.2.2