diff options
author | Richard Guy Briggs <rgb@redhat.com> | 2016-11-20 16:47:55 -0500 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2016-11-29 15:10:12 -0500 |
commit | 8fae47705685fcaa75a1fe4c8c3e18300a702979 (patch) | |
tree | c7d3fde831e3da6929b133474c669709973b5f2a /kernel/auditsc.c | |
parent | c1e8f06d7a0eea232ce0767471e1b4756ccab70a (diff) | |
download | linux-8fae47705685fcaa75a1fe4c8c3e18300a702979.tar.gz linux-8fae47705685fcaa75a1fe4c8c3e18300a702979.tar.bz2 linux-8fae47705685fcaa75a1fe4c8c3e18300a702979.zip |
audit: add support for session ID user filter
Define AUDIT_SESSIONID in the uapi and add support for specifying user
filters based on the session ID. Also add the new session ID filter
to the feature bitmap so userspace knows it is available.
https://github.com/linux-audit/audit-kernel/issues/4
RFE: add a session ID filter to the kernel's user filter
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
[PM: combine multiple patches from Richard into this one]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r-- | kernel/auditsc.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index d161b17ce8ce..f78cb1b3fa74 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -446,6 +446,7 @@ static int audit_filter_rules(struct task_struct *tsk, const struct cred *cred; int i, need_sid = 1; u32 sid; + unsigned int sessionid; cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); @@ -508,6 +509,10 @@ static int audit_filter_rules(struct task_struct *tsk, case AUDIT_FSGID: result = audit_gid_comparator(cred->fsgid, f->op, f->gid); break; + case AUDIT_SESSIONID: + sessionid = audit_get_sessionid(current); + result = audit_comparator(sessionid, f->op, f->val); + break; case AUDIT_PERS: result = audit_comparator(tsk->personality, f->op, f->val); break; |