summaryrefslogtreecommitdiff
path: root/kernel/auditsc.c
diff options
context:
space:
mode:
authorDavid Woodhouse <dwmw2@shinybook.infradead.org>2005-05-27 12:17:28 +0100
committerDavid Woodhouse <dwmw2@shinybook.infradead.org>2005-05-27 12:17:28 +0100
commit8f37d47c9bf74cb48692691086b482e315d07f40 (patch)
treeb7d35bbd8e78d124455f3abbc9c50134bc9cee0a /kernel/auditsc.c
parent7551ced334ce6eb2a7a765309871e619f645add1 (diff)
downloadkernel-common-8f37d47c9bf74cb48692691086b482e315d07f40.tar.gz
kernel-common-8f37d47c9bf74cb48692691086b482e315d07f40.tar.bz2
kernel-common-8f37d47c9bf74cb48692691086b482e315d07f40.zip
AUDIT: Record working directory when syscall arguments are pathnames
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r--kernel/auditsc.c23
1 files changed, 23 insertions, 0 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 7556c479d5af..e75f84e1a1a0 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -145,6 +145,8 @@ struct audit_context {
int auditable; /* 1 if record should be written */
int name_count;
struct audit_names names[AUDIT_NAMES];
+ struct dentry * pwd;
+ struct vfsmount * pwdmnt;
struct audit_context *previous; /* For nested syscalls */
struct audit_aux_data *aux;
@@ -552,6 +554,12 @@ static inline void audit_free_names(struct audit_context *context)
if (context->names[i].name)
__putname(context->names[i].name);
context->name_count = 0;
+ if (context->pwd)
+ dput(context->pwd);
+ if (context->pwdmnt)
+ mntput(context->pwdmnt);
+ context->pwd = NULL;
+ context->pwdmnt = NULL;
}
static inline void audit_free_aux(struct audit_context *context)
@@ -745,10 +753,18 @@ static void audit_log_exit(struct audit_context *context)
audit_log_end(ab);
}
+ if (context->pwd && context->pwdmnt) {
+ ab = audit_log_start(context, AUDIT_CWD);
+ if (ab) {
+ audit_log_d_path(ab, "cwd=", context->pwd, context->pwdmnt);
+ audit_log_end(ab);
+ }
+ }
for (i = 0; i < context->name_count; i++) {
ab = audit_log_start(context, AUDIT_PATH);
if (!ab)
continue; /* audit_panic has been called */
+
audit_log_format(ab, "item=%d", i);
if (context->names[i].name) {
audit_log_format(ab, " name=");
@@ -929,6 +945,13 @@ void audit_getname(const char *name)
context->names[context->name_count].name = name;
context->names[context->name_count].ino = (unsigned long)-1;
++context->name_count;
+ if (!context->pwd) {
+ read_lock(&current->fs->lock);
+ context->pwd = dget(current->fs->pwd);
+ context->pwdmnt = mntget(current->fs->pwdmnt);
+ read_unlock(&current->fs->lock);
+ }
+
}
/* Intercept a putname request. Called from