[PATCH ghak122 v1] audit: store event sockaddr in case of no rules
Richard Guy Briggs
rgb at redhat.com
Fri Jul 3 17:17:35 UTC 2020
When there are no rules present, the event SOCKADDR record is not
generated due to audit_dummy_context() generated at syscall entry from
audit_n_rules. Store this information if there is a context present to
store it so that mandatory events are more complete (startup, LSMs...).
Please see the upstream issue
https://github.com/linux-audit/audit-kernel/issues/122
Signed-off-by: Richard Guy Briggs <rgb at redhat.com>
---
Passes audit-testsuite.
include/linux/audit.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 03c4035a532b..07fecd99741a 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -448,7 +448,7 @@ static inline int audit_socketcall_compat(int nargs, u32 *args)
static inline int audit_sockaddr(int len, void *addr)
{
- if (unlikely(!audit_dummy_context()))
+ if (audit_context())
return __audit_sockaddr(len, addr);
return 0;
}
--
1.8.3.1
More information about the Linux-audit
mailing list