[PATCH] audit: consistently record PIDs with task_tgid_nr()
Jeffrey Vander Stoep
jeffv at google.com
Tue Aug 30 21:58:58 UTC 2016
Can you add tid while you're at it?
We're already looking for it on Android:
https://android-review.googlesource.com/#/c/236952
On Tue, Aug 30, 2016 at 2:15 PM Paul Moore <pmoore at redhat.com> wrote:
> On Tue, Aug 30, 2016 at 5:13 PM, Paul Moore <pmoore at redhat.com> wrote:
> > From: Paul Moore <paul at paul-moore.com>
> >
> > Unfortunately we record PIDs in audit records using a variety of
> > methods despite the correct way being the use of task_tgid_nr().
> > This patch converts all of these callers, except for the case of
> > AUDIT_SET in audit_receive_msg() (see the comment in the code).
> >
> > Reported-by: Jeff Vander Stoep <jeffv at google.com>
> > Signed-off-by: Paul Moore <paul at paul-moore.com>
> > ---
> > kernel/audit.c | 8 +++++++-
> > kernel/auditsc.c | 12 ++++++------
> > security/lsm_audit.c | 4 ++--
> > 3 files changed, 15 insertions(+), 9 deletions(-)
>
> I forgot to tag this with "RFC". This patch compiles but I haven't
> had a chance to test it yet so it isn't going into audit#next just
> yet; if you have any concerns, now is the time to voice them.
>
> --
> paul moore
> security @ redhat
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20160830/1a9cc2b5/attachment.htm>
More information about the Linux-audit
mailing list