[RFC] audit: allow audit_reusename to check kernel path
Alexander Viro
aviro at redhat.com
Wed May 27 00:36:51 UTC 2020
On Tue, May 26, 2020 at 08:32:06AM -0400, Paul Moore wrote:
> On Mon, May 25, 2020 at 3:22 AM Yiwen Gu <guyiwen at huawei.com> wrote:
> > For now, we met a situation where the audit_reusename checking
> > function returns the same filename structure for files sharing
> > the same uptr. However, these files are different, and we are trying
> > to open them in a loop where the names are loaded into the same address.
> > Therefore, the function returns the same structure for different files.
> > By the way, may I ask in what situation would the audit_list be kept
> > across syscalls?
Never. "reuse" is strictly within the same syscall, so e.g. -ESTALE
retry logics doesn't have to worry about extra instances of struct
filename.
> What kernel are you using? Is this an Android kernel?
>
> Do you have a reproducer you can share?
More information about the Linux-audit
mailing list