summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPaul Davies C <pauldaviesc@gmail.com>2013-11-21 03:44:03 +0100
committerEric Paris <eparis@redhat.com>2014-01-14 04:31:38 +0100
commitff235f51a138fc61e1a22dcb8b072d9c78c2a8cc (patch)
treee60ba924338f34a394e1986a2173a8f38eee5235
parentaudit: prevent an older auditd shutdown from orphaning a newer auditd startup (diff)
downloadlinux-ff235f51a138fc61e1a22dcb8b072d9c78c2a8cc.tar.xz
linux-ff235f51a138fc61e1a22dcb8b072d9c78c2a8cc.zip
audit: Added exe field to audit core dump signal log
Currently when the coredump signals are logged by the audit system, the actual path to the executable is not logged. Without details of exe, the system admin may not have an exact idea on what program failed. This patch changes the audit_log_task() so that the path to the exe is also logged. This was copied from audit_log_task_info() and the latter enhanced to avoid disappearing text fields. Signed-off-by: Paul Davies C <pauldaviesc@gmail.com> Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r--kernel/audit.c3
-rw-r--r--kernel/auditsc.c8
2 files changed, 10 insertions, 1 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index f207289d686b..25e4ed016793 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1859,7 +1859,8 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
if (mm->exe_file)
audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
up_read(&mm->mmap_sem);
- }
+ } else
+ audit_log_format(ab, " exe=(null)");
audit_log_task_context(ab);
}
EXPORT_SYMBOL(audit_log_task_info);
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index fc3b3dbcc8aa..05634b3ba244 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2353,6 +2353,7 @@ static void audit_log_task(struct audit_buffer *ab)
kuid_t auid, uid;
kgid_t gid;
unsigned int sessionid;
+ struct mm_struct *mm = current->mm;
auid = audit_get_loginuid(current);
sessionid = audit_get_sessionid(current);
@@ -2366,6 +2367,13 @@ static void audit_log_task(struct audit_buffer *ab)
audit_log_task_context(ab);
audit_log_format(ab, " pid=%d comm=", current->pid);
audit_log_untrustedstring(ab, current->comm);
+ if (mm) {
+ down_read(&mm->mmap_sem);
+ if (mm->exe_file)
+ audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
+ up_read(&mm->mmap_sem);
+ } else
+ audit_log_format(ab, " exe=(null)");
}
/**