authorEric Paris <eparis@redhat.com>2011-04-25 19:10:27 +0200
committerEric Paris <eparis@redhat.com>2011-04-26 00:14:07 +0200
commita269434d2fb48a4d66c1d7bf821b7874b59c5b41 (patch)
tree9c84b5f3e9f3adb3dd4a7e9da2b72dd7fe7eec49 /security/lsm_audit.c
parentLSM: split LSM_AUDIT_DATA_FS into _PATH and _INODE (diff)
LSM: separate LSM_AUDIT_DATA_DENTRY from LSM_AUDIT_DATA_PATH
This patch separates an audit message that only contains a dentry from one that contains a full path. This allows us to make it harder to misuse the interfaces or for the interfaces to be implemented wrong. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/lsm_audit.c')
-rw-r--r--security/lsm_audit.c25
1 files changed, 16 insertions, 9 deletions
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 2e846052cbf4..893af8a2fa1e 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -229,17 +229,24 @@ static void dump_common_audit_data(struct audit_buffer *ab,
audit_log_format(ab, " capability=%d ", a->u.cap);
break;
case LSM_AUDIT_DATA_PATH: {
- struct dentry *dentry = a->u.path.dentry;
struct inode *inode;
- if (a->u.path.mnt) {
- audit_log_d_path(ab, "path=", &a->u.path);
- } else {
- audit_log_format(ab, " name=");
- audit_log_untrustedstring(ab,
- dentry->d_name.name);
- }
- inode = dentry->d_inode;
+ audit_log_d_path(ab, "path=", &a->u.path);
+
+ inode = a->u.path.dentry->d_inode;
+ if (inode)
+ audit_log_format(ab, " dev=%s ino=%lu",
+ inode->i_sb->s_id,
+ inode->i_ino);
+ break;
+ }
+ case LSM_AUDIT_DATA_DENTRY: {
+ struct inode *inode;
+
+ audit_log_format(ab, " name=");
+ audit_log_untrustedstring(ab, a->u.dentry->d_name.name);
+
+ inode = a->u.dentry->d_inode;
if (inode)
audit_log_format(ab, " dev=%s ino=%lu",
inode->i_sb->s_id,