summaryrefslogtreecommitdiffstats
path: root/kernel/auditsc.c
diff options
context:
space:
mode:
authorRichard Guy Briggs <rgb@redhat.com>2019-05-10 18:21:49 +0200
committerPaul Moore <paul@paul-moore.com>2019-05-22 04:18:25 +0200
commitb48345aafb203803ccda4488cb5409b1ed435c0a (patch)
tree025ceffb2d6792a15b495c64d9de565c5baf2c9d /kernel/auditsc.c
parentLinux 5.2-rc1 (diff)
downloadlinux-b48345aafb203803ccda4488cb5409b1ed435c0a.tar.xz
linux-b48345aafb203803ccda4488cb5409b1ed435c0a.zip
audit: deliver signal_info regarless of syscall
When a process signals the audit daemon (shutdown, rotate, resume, reconfig) but syscall auditing is not enabled, we still want to know the identity of the process sending the signal to the audit daemon. Move audit_signal_info() out of syscall auditing to general auditing but create a new function audit_signal_info_syscall() to take care of the syscall dependent parts for when syscall auditing is enabled. Please see the github kernel audit issue https://github.com/linux-audit/audit-kernel/issues/111 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r--kernel/auditsc.c19
1 files changed, 3 insertions, 16 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 95ae27edd417..30aa07b0115f 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2360,30 +2360,17 @@ void __audit_ptrace(struct task_struct *t)
}
/**
- * audit_signal_info - record signal info for shutting down audit subsystem
- * @sig: signal value
+ * audit_signal_info_syscall - record signal info for syscalls
* @t: task being signaled
*
* If the audit subsystem is being terminated, record the task (pid)
* and uid that is doing that.
*/
-int audit_signal_info(int sig, struct task_struct *t)
+int audit_signal_info_syscall(struct task_struct *t)
{
struct audit_aux_data_pids *axp;
struct audit_context *ctx = audit_context();
- kuid_t uid = current_uid(), auid, t_uid = task_uid(t);
-
- if (auditd_test_task(t) &&
- (sig == SIGTERM || sig == SIGHUP ||
- sig == SIGUSR1 || sig == SIGUSR2)) {
- audit_sig_pid = task_tgid_nr(current);
- auid = audit_get_loginuid(current);
- if (uid_valid(auid))
- audit_sig_uid = auid;
- else
- audit_sig_uid = uid;
- security_task_getsecid(current, &audit_sig_sid);
- }
+ kuid_t t_uid = task_uid(t);
if (!audit_signals || audit_dummy_context())
return 0;