AUDIT: Report lookup flags with path/inode records.
When LOOKUP_PARENT is used, the inode which results is not the inode found at the pathname. Report the flags so that this doesn't generate misleading audit records. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
This commit is contained in:
parent
f7056d64ae
commit
ae7b961b1c
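--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1043,7 +1043,7 @@ int fastcall path_lookup(const char *name, unsigned int flags, struct nameidata
 out:
 if (unlikely(current->audit_context
 && nd && nd->dentry && nd->dentry->d_inode))
-audit_inode(name, nd->dentry->d_inode);
+audit_inode(name, nd->dentry->d_inode, flags);
 return retval;
 }
 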
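Review bot: The new argument in `audit_inode(name, nd->dentry->d_inode, flags);` has no explanation at the call site; only the commit message says that under LOOKUP_PARENT the inode handed to audit is not the object the pathname names. A one-line comment above the `if (unlikely(current->audit_context` guard would keep that meaning local: `/* Pass the lookup flags along: with LOOKUP_PARENT the recorded inode is not the object the path names. */`. Note the call is made unconditionally at `out:` whether or not `retval` is zero; the rest of path_lookup is outside the hunk, so whether nd->dentry can still be set on a failed lookup is not visible here.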
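--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -220,7 +220,7 @@ extern void audit_syscall_entry(struct task_struct *task, int arch,
 extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code);
 extern void audit_getname(const char *name);
 extern void audit_putname(const char *name);
-extern void audit_inode(const char *name, const struct inode *inode);
+extern void audit_inode(const char *name, const struct inode *inode, unsigned flags);
 
 /* Private API (for audit.c only) */
 extern int audit_receive_filter(int type, int pid, int uid, int seq,
@@ -243,7 +243,7 @@ extern int audit_filter_user(struct task_struct *tsk, int type);
 #define audit_syscall_exit(t,f,r) do { ; } while (0)
 #define audit_getname(n) do { ; } while (0)
 #define audit_putname(n) do { ; } while (0)
-#define audit_inode(n,i) do { ; } while (0)
+#define audit_inode(n,i,f) do { ; } while (0)
 #define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; })
 #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
 #define audit_get_loginuid(c) ({ -1; })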
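Review bot: The new `unsigned flags` parameter on `extern void audit_inode(const char *name, const struct inode *inode, unsigned flags);` is undocumented in the header, which is what any future caller will read; nothing says these are the LOOKUP_* bits the lookup ran with rather than audit-specific flags. Suggest a comment above the prototype: `/* flags: the LOOKUP_* flags the path lookup was performed with; with LOOKUP_PARENT the inode passed is not the object the path names. */`. The stub `#define audit_inode(n,i,f) do { ; } while (0)` discards `f` unevaluated, which matches the neighbouring stubs, so no side effect is lost there. The conditional that selects between the prototype and the stub is outside both hunks.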
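--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -95,6 +95,7 @@ struct audit_names {
 uid_t uid;
 gid_t gid;
 dev_t rdev;
+unsigned flags;
 };
 
 struct audit_aux_data {
@@ -792,6 +793,8 @@ static void audit_log_exit(struct audit_context *context)
 audit_log_format(ab, " name=");
 audit_log_untrustedstring(ab, context->names[i].name);
 }
+audit_log_format(ab, " flags=%x\n", context->names[i].flags);
+
 if (context->names[i].ino != (unsigned long)-1)
 audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#o"
 " ouid=%u ogid=%u rdev=%02x:%02x",
@@ -1018,7 +1021,7 @@ void audit_putname(const char *name)
 
 /* Store the inode and device from a lookup. Called from
 * fs/namei.c:path_lookup(). */
-void audit_inode(const char *name, const struct inode *inode)
+void audit_inode(const char *name, const struct inode *inode, unsigned flags)
 {
 int idx;
 struct audit_context *context = current->audit_context;
@@ -1044,12 +1047,13 @@ void audit_inode(const char *name, const struct inode *inode)
 ++context->ino_count;
 #endif
 }
-context->names[idx].ino = inode->i_ino;
-context->names[idx].dev = inode->i_sb->s_dev;
-context->names[idx].mode = inode->i_mode;
-context->names[idx].uid = inode->i_uid;
-context->names[idx].gid = inode->i_gid;
-context->names[idx].rdev = inode->i_rdev;
+context->names[idx].flags = flags;
+context->names[idx].ino = inode->i_ino;
+context->names[idx].dev = inode->i_sb->s_dev;
+context->names[idx].mode = inode->i_mode;
+context->names[idx].uid = inode->i_uid;
+context->names[idx].gid = inode->i_gid;
+context->names[idx].rdev = inode->i_rdev;
 }
 
 void auditsc_get_stamp(struct audit_context *ctx,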
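Review bot: The added `audit_log_format(ab, " flags=%x\n", context->names[i].flags);` embeds a newline, yet the ` inode=%lu dev=...` fields that follow are written into the same `ab` buffer, so the new field lands mid-record and splits the inode fields onto a following line; none of the neighbouring fields carry `\n`. Drop it, `audit_log_format(ab, " flags=%x", context->names[i].flags);`, and drop the whitespace-only line added right after it. The field is also emitted before the `if (context->names[i].ino != (unsigned long)-1)` guard, so for a name whose lookup never reached audit_inode the record prints whatever `.flags` held when the names[] entry was created, which nothing in this patch initialises; emitting it inside that guard, or zeroing the field where the entry is allocated, would avoid logging a stale value. audit_log_exit's body begins and ends outside the hunk, as does the code that fills names[] entries.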