
Commit 935c9e7f authored by Richard Guy Briggs, committed by Paul Moore

audit: log failed attempts to change audit_pid configuration



Failed attempts to change the audit_pid configuration are not presently
logged.  One case is an attempt to starve an old auditd by starting up
a new auditd when the old one is still alive and active.  The other
case is an attempt to orphan a new auditd when an old auditd shuts
down.

Log both as AUDIT_CONFIG_CHANGE messages with failure result.

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
parent 133e1e5a
+6 −2
@@ -882,11 +882,15 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
			int new_pid = s.pid;
			pid_t requesting_pid = task_tgid_vnr(current);

			if ((!new_pid) && (requesting_pid != audit_pid))
			if ((!new_pid) && (requesting_pid != audit_pid)) {
				audit_log_config_change("audit_pid", new_pid, audit_pid, 0);
				return -EACCES;
			}
			if (audit_pid && new_pid &&
			    audit_replace(requesting_pid) != -ECONNREFUSED)
			    audit_replace(requesting_pid) != -ECONNREFUSED) {
				audit_log_config_change("audit_pid", new_pid, audit_pid, 0);
				return -EEXIST;
			}
			if (audit_enabled != AUDIT_OFF)
				audit_log_config_change("audit_pid", new_pid, audit_pid, 1);
			audit_pid = new_pid;
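
Review bot: The two new failure-path calls to audit_log_config_change("audit_pid", new_pid, audit_pid, 0) are unconditional, while the success-path call right after them is still guarded by `if (audit_enabled != AUDIT_OFF)`. If failed attempts are meant to be recorded even when auditing is off, say so in a comment on those branches; otherwise apply the same guard so all three records follow one rule. A one-line comment on each branch naming the case from the commit message (the `!new_pid` / -EACCES branch as the orphan attempt, the audit_replace() / -EEXIST branch as the starve attempt) would also help, since both emit the same record with result 0 and differ only in the new_pid value a reader of the log sees.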