[PATCH v2 6/7] audit: Use task_is_in_init_pid_ns()
Richard Guy Briggs
rgb at redhat.com
Wed Dec 15 19:09:12 UTC 2021
On 2021-12-14 17:35, Paul Moore wrote:
> On Wed, Dec 8, 2021 at 3:33 AM Leo Yan <leo.yan at linaro.org> wrote:
> >
> > Replace open code with task_is_in_init_pid_ns() for checking root PID
> > namespace.
> >
> > Signed-off-by: Leo Yan <leo.yan at linaro.org>
> > ---
> > kernel/audit.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
>
> I'm not sure how necessary this is, but it looks correct to me.
I had the same thought. I looks correct to me. I could see the value
if it permitted init_pid_ns to not be global.
> Acked-by: Paul Moore <paul at paul-moore.com>
Reviewed-by: Richard Guy Briggs <rgb at redhat.com>
> > diff --git a/kernel/audit.c b/kernel/audit.c
> > index 121d37e700a6..56ea91014180 100644
> > --- a/kernel/audit.c
> > +++ b/kernel/audit.c
> > @@ -1034,7 +1034,7 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
> > case AUDIT_MAKE_EQUIV:
> > /* Only support auditd and auditctl in initial pid namespace
> > * for now. */
> > - if (task_active_pid_ns(current) != &init_pid_ns)
> > + if (!task_is_in_init_pid_ns(current))
> > return -EPERM;
> >
> > if (!netlink_capable(skb, CAP_AUDIT_CONTROL))
> > --
> > 2.25.1
>
> paul moore
- RGB
--
Richard Guy Briggs <rgb at redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
More information about the Linux-audit
mailing list