summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2013-03-19 00:02:25 -0700
committerEric Paris <eparis@redhat.com>2014-01-13 22:26:48 -0500
commitca24a23ebca17d9d0f2afde4ee49cd810bccc8d7 (patch)
tree9049f1e4911b21c181b3dcb435b5c75c8e18142c
parentfc582aef7dcc27a7120cf232c1e76c569c7b6eab (diff)
downloadlinux-ca24a23ebca17d9d0f2afde4ee49cd810bccc8d7.tar.gz
linux-ca24a23ebca17d9d0f2afde4ee49cd810bccc8d7.tar.bz2
linux-ca24a23ebca17d9d0f2afde4ee49cd810bccc8d7.zip
audit: Simplify and correct audit_log_capset
- Always report the current process as capset now always only works on the current process. This prevents reporting 0 or a random pid in a random pid namespace. - Don't bother to pass the pid as is available. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> (cherry picked from commit bcc85f0af31af123e32858069eb2ad8f39f90e67) (cherry picked from commit f911cac4556a7a23e0b3ea850233d13b32328692) Signed-off-by: Richard Guy Briggs <rgb@redhat.com> [eparis: fix build error when audit disabled] Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r--include/linux/audit.h10
-rw-r--r--kernel/auditsc.c6
-rw-r--r--kernel/capability.c2
3 files changed, 8 insertions, 10 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index a40641954c29..c9a66c6f1307 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -220,7 +220,7 @@ extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat);
extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
const struct cred *new,
const struct cred *old);
-extern void __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old);
+extern void __audit_log_capset(const struct cred *new, const struct cred *old);
extern void __audit_mmap_fd(int fd, int flags);
static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
@@ -285,11 +285,11 @@ static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm,
return 0;
}
-static inline void audit_log_capset(pid_t pid, const struct cred *new,
+static inline void audit_log_capset(const struct cred *new,
const struct cred *old)
{
if (unlikely(!audit_dummy_context()))
- __audit_log_capset(pid, new, old);
+ __audit_log_capset(new, old);
}
static inline void audit_mmap_fd(int fd, int flags)
@@ -397,8 +397,8 @@ static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm,
{
return 0;
}
-static inline void audit_log_capset(pid_t pid, const struct cred *new,
- const struct cred *old)
+static inline void audit_log_capset(const struct cred *new,
+ const struct cred *old)
{ }
static inline void audit_mmap_fd(int fd, int flags)
{ }
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 90594c9f7552..df1e685809e1 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2321,18 +2321,16 @@ int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
/**
* __audit_log_capset - store information about the arguments to the capset syscall
- * @pid: target pid of the capset call
* @new: the new credentials
* @old: the old (current) credentials
*
* Record the aguments userspace sent to sys_capset for later printing by the
* audit system if applicable
*/
-void __audit_log_capset(pid_t pid,
- const struct cred *new, const struct cred *old)
+void __audit_log_capset(const struct cred *new, const struct cred *old)
{
struct audit_context *context = current->audit_context;
- context->capset.pid = pid;
+ context->capset.pid = task_pid_nr(current);
context->capset.cap.effective = new->cap_effective;
context->capset.cap.inheritable = new->cap_effective;
context->capset.cap.permitted = new->cap_permitted;
diff --git a/kernel/capability.c b/kernel/capability.c
index 4e66bf9275b0..34019c57888d 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -277,7 +277,7 @@ SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t, data)
if (ret < 0)
goto error;
- audit_log_capset(pid, new, current_cred());
+ audit_log_capset(new, current_cred());
return commit_creds(new);