Loading include/linux/audit.h +2 −1 Original line number Diff line number Diff line Loading @@ -61,11 +61,12 @@ #define AUDIT_SYSCALL 1300 /* Syscall event */ #define AUDIT_FS_WATCH 1301 /* Filesystem watch event */ #define AUDIT_PATH 1302 /* Filname path information */ #define AUDIT_PATH 1302 /* Filename path information */ #define AUDIT_IPC 1303 /* IPC record */ #define AUDIT_SOCKETCALL 1304 /* sys_socketcall arguments */ #define AUDIT_CONFIG_CHANGE 1305 /* Audit system configuration change */ #define AUDIT_SOCKADDR 1306 /* sockaddr copied as syscall arg */ #define AUDIT_CWD 1307 /* Current working directory */ #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ Loading kernel/auditsc.c +23 −0 Original line number Diff line number Diff line Loading @@ -145,6 +145,8 @@ struct audit_context { int auditable; /* 1 if record should be written */ int name_count; struct audit_names names[AUDIT_NAMES]; struct dentry * pwd; struct vfsmount * pwdmnt; struct audit_context *previous; /* For nested syscalls */ struct audit_aux_data *aux; Loading Loading @@ -552,6 +554,12 @@ static inline void audit_free_names(struct audit_context *context) if (context->names[i].name) __putname(context->names[i].name); context->name_count = 0; if (context->pwd) dput(context->pwd); if (context->pwdmnt) mntput(context->pwdmnt); context->pwd = NULL; context->pwdmnt = NULL; } static inline void audit_free_aux(struct audit_context *context) Loading Loading @@ -745,10 +753,18 @@ static void audit_log_exit(struct audit_context *context) audit_log_end(ab); } if (context->pwd && context->pwdmnt) { ab = audit_log_start(context, AUDIT_CWD); if (ab) { audit_log_d_path(ab, "cwd=", context->pwd, context->pwdmnt); audit_log_end(ab); } } for (i = 0; i < context->name_count; i++) { ab = audit_log_start(context, AUDIT_PATH); if (!ab) continue; /* audit_panic has been called */ audit_log_format(ab, "item=%d", i); if (context->names[i].name) { audit_log_format(ab, " name="); Loading Loading @@ -929,6 +945,13 @@ void audit_getname(const char *name) context->names[context->name_count].name = name; context->names[context->name_count].ino = (unsigned long)-1; ++context->name_count; if (!context->pwd) { read_lock(¤t->fs->lock); context->pwd = dget(current->fs->pwd); context->pwdmnt = mntget(current->fs->pwdmnt); read_unlock(¤t->fs->lock); } } /* Intercept a putname request. Called from Loading Loading
include/linux/audit.h +2 −1 Original line number Diff line number Diff line Loading @@ -61,11 +61,12 @@ #define AUDIT_SYSCALL 1300 /* Syscall event */ #define AUDIT_FS_WATCH 1301 /* Filesystem watch event */ #define AUDIT_PATH 1302 /* Filname path information */ #define AUDIT_PATH 1302 /* Filename path information */ #define AUDIT_IPC 1303 /* IPC record */ #define AUDIT_SOCKETCALL 1304 /* sys_socketcall arguments */ #define AUDIT_CONFIG_CHANGE 1305 /* Audit system configuration change */ #define AUDIT_SOCKADDR 1306 /* sockaddr copied as syscall arg */ #define AUDIT_CWD 1307 /* Current working directory */ #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ Loading
kernel/auditsc.c +23 −0 Original line number Diff line number Diff line Loading @@ -145,6 +145,8 @@ struct audit_context { int auditable; /* 1 if record should be written */ int name_count; struct audit_names names[AUDIT_NAMES]; struct dentry * pwd; struct vfsmount * pwdmnt; struct audit_context *previous; /* For nested syscalls */ struct audit_aux_data *aux; Loading Loading @@ -552,6 +554,12 @@ static inline void audit_free_names(struct audit_context *context) if (context->names[i].name) __putname(context->names[i].name); context->name_count = 0; if (context->pwd) dput(context->pwd); if (context->pwdmnt) mntput(context->pwdmnt); context->pwd = NULL; context->pwdmnt = NULL; } static inline void audit_free_aux(struct audit_context *context) Loading Loading @@ -745,10 +753,18 @@ static void audit_log_exit(struct audit_context *context) audit_log_end(ab); } if (context->pwd && context->pwdmnt) { ab = audit_log_start(context, AUDIT_CWD); if (ab) { audit_log_d_path(ab, "cwd=", context->pwd, context->pwdmnt); audit_log_end(ab); } } for (i = 0; i < context->name_count; i++) { ab = audit_log_start(context, AUDIT_PATH); if (!ab) continue; /* audit_panic has been called */ audit_log_format(ab, "item=%d", i); if (context->names[i].name) { audit_log_format(ab, " name="); Loading Loading @@ -929,6 +945,13 @@ void audit_getname(const char *name) context->names[context->name_count].name = name; context->names[context->name_count].ino = (unsigned long)-1; ++context->name_count; if (!context->pwd) { read_lock(¤t->fs->lock); context->pwd = dget(current->fs->pwd); context->pwdmnt = mntget(current->fs->pwdmnt); read_unlock(¤t->fs->lock); } } /* Intercept a putname request. Called from Loading
David Woodhouse <dwmw2@infradead.org>David Woodhouse <dwmw2@infradead.org>