diff options
author | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-05-27 12:17:28 +0100 |
---|---|---|
committer | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-05-27 12:17:28 +0100 |
commit | 8f37d47c9bf74cb48692691086b482e315d07f40 (patch) | |
tree | b7d35bbd8e78d124455f3abbc9c50134bc9cee0a /kernel/auditsc.c | |
parent | 7551ced334ce6eb2a7a765309871e619f645add1 (diff) | |
download | kernel-common-8f37d47c9bf74cb48692691086b482e315d07f40.tar.gz kernel-common-8f37d47c9bf74cb48692691086b482e315d07f40.tar.bz2 kernel-common-8f37d47c9bf74cb48692691086b482e315d07f40.zip |
AUDIT: Record working directory when syscall arguments are pathnames
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r-- | kernel/auditsc.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 7556c479d5af..e75f84e1a1a0 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -145,6 +145,8 @@ struct audit_context { int auditable; /* 1 if record should be written */ int name_count; struct audit_names names[AUDIT_NAMES]; + struct dentry * pwd; + struct vfsmount * pwdmnt; struct audit_context *previous; /* For nested syscalls */ struct audit_aux_data *aux; @@ -552,6 +554,12 @@ static inline void audit_free_names(struct audit_context *context) if (context->names[i].name) __putname(context->names[i].name); context->name_count = 0; + if (context->pwd) + dput(context->pwd); + if (context->pwdmnt) + mntput(context->pwdmnt); + context->pwd = NULL; + context->pwdmnt = NULL; } static inline void audit_free_aux(struct audit_context *context) @@ -745,10 +753,18 @@ static void audit_log_exit(struct audit_context *context) audit_log_end(ab); } + if (context->pwd && context->pwdmnt) { + ab = audit_log_start(context, AUDIT_CWD); + if (ab) { + audit_log_d_path(ab, "cwd=", context->pwd, context->pwdmnt); + audit_log_end(ab); + } + } for (i = 0; i < context->name_count; i++) { ab = audit_log_start(context, AUDIT_PATH); if (!ab) continue; /* audit_panic has been called */ + audit_log_format(ab, "item=%d", i); if (context->names[i].name) { audit_log_format(ab, " name="); @@ -929,6 +945,13 @@ void audit_getname(const char *name) context->names[context->name_count].name = name; context->names[context->name_count].ino = (unsigned long)-1; ++context->name_count; + if (!context->pwd) { + read_lock(¤t->fs->lock); + context->pwd = dget(current->fs->pwd); + context->pwdmnt = mntget(current->fs->pwdmnt); + read_unlock(¤t->fs->lock); + } + } /* Intercept a putname request. Called from |