summaryrefslogtreecommitdiffstats
path: root/kernel/audit.c
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2012-09-11 08:10:16 +0200
committerEric W. Biederman <ebiederm@xmission.com>2012-09-18 03:03:31 +0200
commit02276bda4a2bf094fcde89fb5db4d9e86347ebf4 (patch)
tree7f06da4dd9757c353133b9c512334daf96cfec1e /kernel/audit.c
parentaudit: Limit audit requests to processes in the initial pid and user namespaces. (diff)
downloadlinux-02276bda4a2bf094fcde89fb5db4d9e86347ebf4.tar.xz
linux-02276bda4a2bf094fcde89fb5db4d9e86347ebf4.zip
audit: Use current instead of NETLINK_CREDS() in audit_filter
Get caller process uid and gid and pid values from the current task instead of the NETLINK_CB. This is simpler than passing NETLINK_CREDS from from audit_receive_msg to audit_filter_user_rules and avoid the chance of being hit by the occassional bugs in netlink uid/gid credential passing. This is a safe changes because all netlink requests are processed in the task of the sending process. Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Eric Paris <eparis@redhat.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'kernel/audit.c')
-rw-r--r--kernel/audit.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 7b7268e3073b..fecb1507b485 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -744,7 +744,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
if (!audit_enabled && msg_type != AUDIT_USER_AVC)
return 0;
- err = audit_filter_user(&NETLINK_CB(skb));
+ err = audit_filter_user();
if (err == 1) {
err = 0;
if (msg_type == AUDIT_USER_TTY) {