summaryrefslogtreecommitdiff
path: root/fs
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2012-07-25 17:29:08 -0700
committerAl Viro <viro@zeniv.linux.org.uk>2012-07-29 21:43:08 +0400
commita51d9eaa41866ab6b4b6ecad7b621f8b66ece0dc (patch)
treef8ab532f946ec7f9ccdabb6a394d952981084122 /fs
parent800179c9b8a1e796e441674776d11cd4c05d61d7 (diff)
downloadlinux-3.10-a51d9eaa41866ab6b4b6ecad7b621f8b66ece0dc.tar.gz
linux-3.10-a51d9eaa41866ab6b4b6ecad7b621f8b66ece0dc.tar.bz2
linux-3.10-a51d9eaa41866ab6b4b6ecad7b621f8b66ece0dc.zip
fs: add link restriction audit reporting
Adds audit messages for unexpected link restriction violations so that system owners will have some sort of potentially actionable information about misbehaving processes. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs')
-rw-r--r--fs/namei.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/namei.c b/fs/namei.c
index 3861d85f848..618d3531cf9 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -692,6 +692,7 @@ static inline int may_follow_link(struct path *link, struct nameidata *nd)
path_put_conditional(link, nd);
path_put(&nd->path);
+ audit_log_link_denied("follow_link", link);
return -EACCES;
}
@@ -760,6 +761,7 @@ static int may_linkat(struct path *link)
capable(CAP_FOWNER))
return 0;
+ audit_log_link_denied("linkat", link);
return -EPERM;
}