audit.63 kernel.

David Woodhouse dwmw2 at infradead.org
Mon Jun 20 14:19:43 UTC 2005


On Mon, 2005-06-20 at 10:52 +0100, David Woodhouse wrote:
> 
> * Sun Jun 19 2005 David Woodhouse <dwmw2 at redhat.com> audit.61

> - Capture path_lookup() flags in audit_inode()

We capture the flags, which may include LOOKUP_PARENT and hence indicate
that the inode being reported is actually the _parent_ of the requested
path.

--- linux-2.6.9/./fs/namei.c~	2005-06-17 15:19:09.000000000 +0100
+++ linux-2.6.9/./fs/namei.c	2005-06-19 20:09:34.000000000 +0100
@@ -968,7 +968,7 @@ int fastcall path_lookup(const char *nam
 out:
 	if (unlikely(current->audit_context
 		     && nd && nd->dentry && nd->dentry->d_inode))
-		audit_inode(name, nd->dentry->d_inode);
+		audit_inode(name, nd->dentry->d_inode, flags);
 	return retval;
 }
 
--- linux-2.6.9/./include/linux/audit.h~	2005-06-19 18:53:58.000000000 +0100
+++ linux-2.6.9/./include/linux/audit.h	2005-06-19 20:10:41.000000000 +0100
@@ -271,7 +271,7 @@ extern void audit_syscall_entry(struct t
 extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code);
 extern void audit_getname(const char *name);
 extern void audit_putname(const char *name);
-extern void audit_inode(const char *name, const struct inode *inode);
+extern void audit_inode(const char *name, const struct inode *inode, unsigned flags);
 
 				/* Private API (for audit.c only) */
 extern int  audit_receive_filter(int type, int pid, int uid, int seq,
@@ -294,7 +294,7 @@ extern int audit_filter_user(struct task
 #define audit_syscall_exit(t,f,r) do { ; } while (0)
 #define audit_getname(n) do { ; } while (0)
 #define audit_putname(n) do { ; } while (0)
-#define audit_inode(n,i) do { ; } while (0)
+#define audit_inode(n,i,f) do { ; } while (0)
 #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
 #define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; })
 #define audit_get_loginuid(c) ({ -1; })
--- linux-2.6.9/./kernel/auditsc.c~	2005-06-19 18:53:58.000000000 +0100
+++ linux-2.6.9/./kernel/auditsc.c	2005-06-19 20:28:08.000000000 +0100
@@ -95,6 +95,7 @@ struct audit_names {
 	uid_t		uid;
 	gid_t		gid;
 	dev_t		rdev;
+	unsigned	flags;
 };
 
 struct audit_aux_data {
@@ -833,6 +834,8 @@ static void audit_log_exit(struct audit_
 			audit_log_format(ab, "name=");
 			audit_log_untrustedstring(ab, context->names[i].name);
 		}
+		audit_log_format(ab, " flags=%x\n", context->names[i].flags);
+			 
 		if (context->names[i].ino != (unsigned long)-1)
 			audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#o"
 					     " ouid=%u ogid=%u rdev=%02x:%02x",
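Review bot: The added format string `" flags=%x\n"` puts a newline in the middle of the record, so the ` inode=… dev=… mode=… ouid=…` fields written by the next call land on a separate line with no record header, and a log parser may drop them or attach them to the wrong event. Dropping the newline keeps the name, flags and inode fields together: `audit_log_format(ab, " flags=%x", context->names[i].flags);`. The line is also emitted outside the `ino != (unsigned long)-1` test, so an entry that never went through audit_inode() would log whatever the flags slot held; whether that slot is initialised elsewhere is not visible in this hunk, so it may be safer to print flags inside that branch. The whitespace-only line added after the call can go as well.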
@@ -1058,7 +1061,7 @@ EXPORT_SYMBOL(audit_putname);
 
 /* Store the inode and device from a lookup.  Called from
  * fs/namei.c:path_lookup(). */
-void audit_inode(const char *name, const struct inode *inode)
+void audit_inode(const char *name, const struct inode *inode, unsigned flags)
 {
 	int idx;
 	struct audit_context *context = current->audit_context;
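Review bot: The comment above audit_inode() still says only the inode and device are stored, and nothing tells a reader of the audit record what the new `flags` argument means. Going by the commit description, it could read `/* Store the inode, device and path_lookup() flags from a lookup. LOOKUP_PARENT in flags means the inode is the parent of the requested path. Called from fs/namei.c:path_lookup(). */`. The function body continues outside this hunk.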
@@ -1084,12 +1087,13 @@ void audit_inode(const char *name, const
 		++context->ino_count;
 #endif
 	}
-	context->names[idx].ino  = inode->i_ino;
-	context->names[idx].dev	 = inode->i_sb->s_dev;
-	context->names[idx].mode = inode->i_mode;
-	context->names[idx].uid  = inode->i_uid;
-	context->names[idx].gid  = inode->i_gid;
-	context->names[idx].rdev = inode->i_rdev;
+	context->names[idx].flags = flags;
+	context->names[idx].ino   = inode->i_ino;
+	context->names[idx].dev	  = inode->i_sb->s_dev;
+	context->names[idx].mode  = inode->i_mode;
+	context->names[idx].uid   = inode->i_uid;
+	context->names[idx].gid   = inode->i_gid;
+	context->names[idx].rdev  = inode->i_rdev;
 }
 
 void auditsc_get_stamp(struct audit_context *ctx,

> 

-- 
dwmw2



