[PATCH v3] audit: log nftables configuration change events once per table
Florian Westphal
fw at strlen.de
Tue Mar 23 21:36:31 UTC 2021
Richard Guy Briggs <rgb at redhat.com> wrote:
> nft_commit_notify(net, NETLINK_CB(skb).portid);
> nf_tables_gen_notify(net, skb, NFT_MSG_NEWGEN);
> nf_tables_commit_release(net);
>
> + nf_tables_commit_audit_log(&adl, net->nft.base_seq);
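Review bot: the added nf_tables_commit_audit_log(&adl, net->nft.base_seq) call is placed after nf_tables_commit_release(net), so everything reachable through adl has to outlive the release step, and nothing in the hunk shows how those entries are kept alive. If adl's entries point at objects belonging to the transaction being released, emit the audit records before nf_tables_commit_release(net), next to the nft_commit_notify() and nf_tables_gen_notify() calls, or copy the values each record needs into adl at collection time so the log call touches no transaction-owned memory. A short comment on the ordering requirement at the call site would keep a later reshuffle of these four calls from reintroducing the problem.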
This needs to be before the nf_tables_commit_release() call, afaics this function
dereferences data structures that might be free'd already here.