diff options
author | Eric Paris <eparis@redhat.com> | 2013-04-30 15:30:32 -0400 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2013-04-30 15:31:28 -0400 |
commit | b24a30a7305418ff138ff51776fc555ec57c011a (patch) | |
tree | 2c64cff75b758c3fb407118ab473167fb5bec3fa /include | |
parent | 7173c54e3a9deb491a586e7e107375109ee48bcb (diff) | |
download | linux-b24a30a7305418ff138ff51776fc555ec57c011a.tar.gz linux-b24a30a7305418ff138ff51776fc555ec57c011a.tar.bz2 linux-b24a30a7305418ff138ff51776fc555ec57c011a.zip |
audit: fix event coverage of AUDIT_ANOM_LINK
The userspace audit tools didn't like the existing formatting of the
AUDIT_ANOM_LINK event. It needed to be expanded to emit an AUDIT_PATH
event as well, so this implements the change. The bulk of the patch is
moving code out of auditsc.c into audit.c and audit.h for general use.
It expands audit_log_name to include an optional "struct path" argument
for the simple case of just needing to report a pathname. This also
makes
audit_log_task_info available when syscall auditing is not enabled,
since
it is needed in either case for process details.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reported-by: Steve Grubb <sgrubb@redhat.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/audit.h | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index b76bfc8efc25..469d11755e46 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -190,8 +190,6 @@ static inline int audit_get_sessionid(struct task_struct *tsk) return tsk->sessionid; } -extern int audit_log_task_context(struct audit_buffer *ab); -extern void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk); extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp); extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode); extern int __audit_bprm(struct linux_binprm *bprm); @@ -346,13 +344,6 @@ static inline int audit_get_sessionid(struct task_struct *tsk) { return -1; } -static int void audit_log_task_context(struct audit_buffer *ab) -{ - return 0; -} -static inline void audit_log_task_info(struct audit_buffer *ab, - struct task_struct *tsk) -{ } static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) { } static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, @@ -439,6 +430,10 @@ static inline void audit_log_secctx(struct audit_buffer *ab, u32 secid) { } #endif +extern int audit_log_task_context(struct audit_buffer *ab); +extern void audit_log_task_info(struct audit_buffer *ab, + struct task_struct *tsk); + extern int audit_update_lsm_rules(void); /* Private API (for audit.c only) */ @@ -485,6 +480,13 @@ static inline void audit_log_link_denied(const char *string, { } static inline void audit_log_secctx(struct audit_buffer *ab, u32 secid) { } +static inline int audit_log_task_context(struct audit_buffer *ab) +{ + return 0; +} +static inline void audit_log_task_info(struct audit_buffer *ab, + struct task_struct *tsk) +{ } #define audit_enabled 0 #endif /* CONFIG_AUDIT */ static inline void audit_log_string(struct audit_buffer *ab, const char *buf) |