diff options
author | Richard Guy Briggs <rgb@redhat.com> | 2020-07-03 18:56:19 +0200 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2020-07-09 01:02:11 +0200 |
commit | d7481b24b816b8c3955a9eaf01b97e2bd7f61a37 (patch) | |
tree | 0809d95b1ab314464940e38ffaa640eb9670fe65 /kernel/auditsc.c | |
parent | audit: use the proper gfp flags in the audit_log_nfcfg() calls (diff) | |
download | linux-d7481b24b816b8c3955a9eaf01b97e2bd7f61a37.tar.xz linux-d7481b24b816b8c3955a9eaf01b97e2bd7f61a37.zip |
audit: issue CWD record to accompany LSM_AUDIT_DATA_* records
The LSM_AUDIT_DATA_* records for PATH, FILE, IOCTL_OP, DENTRY and INODE
are incomplete without the task context of the AUDIT Current Working
Directory record. Add it.
This record addition can't use audit_dummy_context to determine whether
or not to store the record information since the LSM_AUDIT_DATA_*
records are initiated by various LSMs independent of any audit rules.
context->in_syscall is used to determine if it was called in user
context like audit_getname.
Please see the upstream issue
https://github.com/linux-audit/audit-kernel/issues/96
Adapted from Vladis Dronov's v2 patch.
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r-- | kernel/auditsc.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index eae1a599ffe3..6884b50069d1 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1891,6 +1891,20 @@ __audit_reusename(const __user char *uptr) return NULL; } +inline void _audit_getcwd(struct audit_context *context) +{ + if (!context->pwd.dentry) + get_fs_pwd(current->fs, &context->pwd); +} + +void __audit_getcwd(void) +{ + struct audit_context *context = audit_context(); + + if (context->in_syscall) + _audit_getcwd(context); +} + /** * __audit_getname - add a name to the list * @name: name to add @@ -1915,8 +1929,7 @@ void __audit_getname(struct filename *name) name->aname = n; name->refcnt++; - if (!context->pwd.dentry) - get_fs_pwd(current->fs, &context->pwd); + _audit_getcwd(context); } static inline int audit_copy_fcaps(struct audit_names *name, |