[PATCH] audit: use audit_log_task_info in audit_core_dumps and __audit_seccomp

Kees Cook keescook at chromium.org
Tue Jan 14 18:39:42 UTC 2014


On Mon, Jan 13, 2014 at 6:56 PM, Eric Paris <eparis at redhat.com> wrote:
> We have a helper function which writes out all of the interesting
> identity information about tasks, audit_log_task_info().  We then have a
> second helper, audit_log_task(), which is only used by audit_core_dumps()
> and __audit_seccomp().  It is lightweight and only outputs some of the
> information about the task.  There does not appear to be a rationale for
> its existence except audit_core_dumps() originally did it this way.  At
> the time audit_log_task_info() did not exist.  When __audit_seccomp came
> along audit_core_dumps() was split into this helper and reused.  But
> there was a better helper in audit.c.
>
> This does reorder the records for audit_core_dumps() and
> __audit_seccomp().  The new record order is below.  The number in () is
> the order in the old record.  Entries without a () do not exist in the
> old record.
>
> audit_log_task_info:
> ppid     pid (6)   auid (1)   uid (2)   gid (3)   euid
> suid     fsuid     egid       sgid      fsgid     tty
> ses (4)  comm (7)  exe (8)    subj (5)
>
> audit_log_task:
> auid   uid   gid   ses   subj   pid   comm   exe
>
> It seems that reusing the task info pattern throughout records should
> allow for faster, simpler, more streamlined userspace records parsing, but
> changing order like this might be a deal breaker.
>
> Signed-off-by: Eric Paris <eparis at redhat.com>

Sounds fine to me. Thanks!

Acked-by: Kees Cook <keescook at chromium.org>

-Kees

-- 
Kees Cook
Chrome OS Security
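
The reordering discussed in the commit message only breaks consumers that read fields by position. The following is an added example, not part of the thread or of the kernel patch: a key-based parser run over constructed record fragments in both field orders. It assumes `comm` and `exe` use the audit subsystem's quoted-or-uppercase-hex string encoding; the names `parse_fields`, `shared_view` and `positional` are hypothetical.

```python
import re

# Constructed samples: only the task-identity part of a record, in the two
# field orders listed in the commit message. All values are made up.
OLD_ORDER = ('auid=1000 uid=1000 gid=1000 ses=3 '
             'subj=unconfined_u:unconfined_r:unconfined_t:s0 '
             'pid=4242 comm="demo" exe="/usr/bin/demo"')
NEW_ORDER = ('ppid=4100 pid=4242 auid=1000 uid=1000 gid=1000 euid=1000 '
             'suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 '
             'ses=3 comm="demo" exe="/usr/bin/demo" '
             'subj=unconfined_u:unconfined_r:unconfined_t:s0')
HEX_COMM = 'pid=4242 comm=6D7920617070'  # constructed: hex form of "my app"

# Fields present in both the old and the new record layout.
SHARED = ("auid", "uid", "gid", "ses", "subj", "pid", "comm", "exe")
# Assumption: these fields are quoted when printable, bare hex otherwise.
UNTRUSTED = {"comm", "exe"}

FIELD = re.compile(r'(\w+)=("[^"]*"|\S*)')
HEX = re.compile(r'(?:[0-9A-F]{2})+')


def parse_fields(fragment):
    """Return {key: value}, independent of the order fields appear in."""
    fields = {}
    for key, raw in FIELD.findall(fragment):
        if raw.startswith('"'):
            fields[key] = raw[1:-1]            # quoted string, strip quotes
        elif key in UNTRUSTED and HEX.fullmatch(raw):
            fields[key] = bytes.fromhex(raw).decode("utf-8", "replace")
        else:
            fields[key] = raw                  # plain token (ids, tty, subj)
    return fields


def shared_view(fragment):
    """Values of the fields that exist in both layouts."""
    fields = parse_fields(fragment)
    return {key: fields.get(key) for key in SHARED}


def positional(fragment, index):
    """Fragile approach: take the value of the Nth field regardless of name."""
    return fragment.split()[index].partition("=")[2]
```

Index 5 is `pid` in the old layout and `euid` in the new one, so a positional consumer silently reports the wrong value after the change, while the key-based view is identical for both.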




More information about the Linux-audit mailing list