Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 939cbf26 authored by Eric Paris's avatar Eric Paris Committed by Al Viro
Browse files

Audit: send signal info if selinux is disabled 



Audit will not respond to signal requests if selinux is disabled since it is
unable to translate the 0 sid from the sending process to a context.  This
patch just doesn't send the context info if there isn't any.

Signed-off-by: default avatarEric Paris <eparis@redhat.com>
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 44e51a1b

kernel/audit.c

+12 −6
Original line number Diff line number Diff line
@@ -855,18 +855,24 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) 
		break;

	}

	case AUDIT_SIGNAL_INFO:

		len = 0;

		if (audit_sig_sid) {

			err = security_secid_to_secctx(audit_sig_sid, &ctx, &len);

			if (err)

				return err;

		}

		sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL);

		if (!sig_data) {

			if (audit_sig_sid)

				security_release_secctx(ctx, len);

			return -ENOMEM;

		}

		sig_data->uid = audit_sig_uid;

		sig_data->pid = audit_sig_pid;

		if (audit_sig_sid) {

			memcpy(sig_data->ctx, ctx, len);

			security_release_secctx(ctx, len);

		}

		audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_SIGNAL_INFO,

				0, 0, sig_data, sizeof(*sig_data) + len);

		kfree(sig_data);