Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
L
linux-davinci
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
linux
linux-davinci
Commits
8f37d47c
Commit
8f37d47c
authored
May 27, 2005
by
David Woodhouse
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
AUDIT: Record working directory when syscall arguments are pathnames
Signed-off-by:
David Woodhouse
<
dwmw2@infradead.org
>
parent
7551ced3
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
25 additions
and
1 deletion
+25
-1
include/linux/audit.h
include/linux/audit.h
+2
-1
kernel/auditsc.c
kernel/auditsc.c
+23
-0
No files found.
include/linux/audit.h
View file @
8f37d47c
...
@@ -61,11 +61,12 @@
...
@@ -61,11 +61,12 @@
#define AUDIT_SYSCALL 1300
/* Syscall event */
#define AUDIT_SYSCALL 1300
/* Syscall event */
#define AUDIT_FS_WATCH 1301
/* Filesystem watch event */
#define AUDIT_FS_WATCH 1301
/* Filesystem watch event */
#define AUDIT_PATH 1302
/* Filname path information */
#define AUDIT_PATH 1302
/* Fil
e
name path information */
#define AUDIT_IPC 1303
/* IPC record */
#define AUDIT_IPC 1303
/* IPC record */
#define AUDIT_SOCKETCALL 1304
/* sys_socketcall arguments */
#define AUDIT_SOCKETCALL 1304
/* sys_socketcall arguments */
#define AUDIT_CONFIG_CHANGE 1305
/* Audit system configuration change */
#define AUDIT_CONFIG_CHANGE 1305
/* Audit system configuration change */
#define AUDIT_SOCKADDR 1306
/* sockaddr copied as syscall arg */
#define AUDIT_SOCKADDR 1306
/* sockaddr copied as syscall arg */
#define AUDIT_CWD 1307
/* Current working directory */
#define AUDIT_AVC 1400
/* SE Linux avc denial or grant */
#define AUDIT_AVC 1400
/* SE Linux avc denial or grant */
#define AUDIT_SELINUX_ERR 1401
/* Internal SE Linux Errors */
#define AUDIT_SELINUX_ERR 1401
/* Internal SE Linux Errors */
...
...
kernel/auditsc.c
View file @
8f37d47c
...
@@ -145,6 +145,8 @@ struct audit_context {
...
@@ -145,6 +145,8 @@ struct audit_context {
int
auditable
;
/* 1 if record should be written */
int
auditable
;
/* 1 if record should be written */
int
name_count
;
int
name_count
;
struct
audit_names
names
[
AUDIT_NAMES
];
struct
audit_names
names
[
AUDIT_NAMES
];
struct
dentry
*
pwd
;
struct
vfsmount
*
pwdmnt
;
struct
audit_context
*
previous
;
/* For nested syscalls */
struct
audit_context
*
previous
;
/* For nested syscalls */
struct
audit_aux_data
*
aux
;
struct
audit_aux_data
*
aux
;
...
@@ -552,6 +554,12 @@ static inline void audit_free_names(struct audit_context *context)
...
@@ -552,6 +554,12 @@ static inline void audit_free_names(struct audit_context *context)
if
(
context
->
names
[
i
].
name
)
if
(
context
->
names
[
i
].
name
)
__putname
(
context
->
names
[
i
].
name
);
__putname
(
context
->
names
[
i
].
name
);
context
->
name_count
=
0
;
context
->
name_count
=
0
;
if
(
context
->
pwd
)
dput
(
context
->
pwd
);
if
(
context
->
pwdmnt
)
mntput
(
context
->
pwdmnt
);
context
->
pwd
=
NULL
;
context
->
pwdmnt
=
NULL
;
}
}
static
inline
void
audit_free_aux
(
struct
audit_context
*
context
)
static
inline
void
audit_free_aux
(
struct
audit_context
*
context
)
...
@@ -745,10 +753,18 @@ static void audit_log_exit(struct audit_context *context)
...
@@ -745,10 +753,18 @@ static void audit_log_exit(struct audit_context *context)
audit_log_end
(
ab
);
audit_log_end
(
ab
);
}
}
if
(
context
->
pwd
&&
context
->
pwdmnt
)
{
ab
=
audit_log_start
(
context
,
AUDIT_CWD
);
if
(
ab
)
{
audit_log_d_path
(
ab
,
"cwd="
,
context
->
pwd
,
context
->
pwdmnt
);
audit_log_end
(
ab
);
}
}
for
(
i
=
0
;
i
<
context
->
name_count
;
i
++
)
{
for
(
i
=
0
;
i
<
context
->
name_count
;
i
++
)
{
ab
=
audit_log_start
(
context
,
AUDIT_PATH
);
ab
=
audit_log_start
(
context
,
AUDIT_PATH
);
if
(
!
ab
)
if
(
!
ab
)
continue
;
/* audit_panic has been called */
continue
;
/* audit_panic has been called */
audit_log_format
(
ab
,
"item=%d"
,
i
);
audit_log_format
(
ab
,
"item=%d"
,
i
);
if
(
context
->
names
[
i
].
name
)
{
if
(
context
->
names
[
i
].
name
)
{
audit_log_format
(
ab
,
" name="
);
audit_log_format
(
ab
,
" name="
);
...
@@ -929,6 +945,13 @@ void audit_getname(const char *name)
...
@@ -929,6 +945,13 @@ void audit_getname(const char *name)
context
->
names
[
context
->
name_count
].
name
=
name
;
context
->
names
[
context
->
name_count
].
name
=
name
;
context
->
names
[
context
->
name_count
].
ino
=
(
unsigned
long
)
-
1
;
context
->
names
[
context
->
name_count
].
ino
=
(
unsigned
long
)
-
1
;
++
context
->
name_count
;
++
context
->
name_count
;
if
(
!
context
->
pwd
)
{
read_lock
(
&
current
->
fs
->
lock
);
context
->
pwd
=
dget
(
current
->
fs
->
pwd
);
context
->
pwdmnt
=
mntget
(
current
->
fs
->
pwdmnt
);
read_unlock
(
&
current
->
fs
->
lock
);
}
}
}
/* Intercept a putname request. Called from
/* Intercept a putname request. Called from
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment