summaryrefslogtreecommitdiff
path: root/kernel/auditsc.c
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2007-03-20 13:58:35 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2007-05-11 05:38:25 -0400
commita5cb013da773a67ee48d1c19e96436c22a73a7eb (patch)
tree8832d105c4742674423bd50352b8a4805c44fecc /kernel/auditsc.c
parent129a84de2347002f09721cda3155ccfd19fade40 (diff)
downloadkernel-common-a5cb013da773a67ee48d1c19e96436c22a73a7eb.tar.gz
kernel-common-a5cb013da773a67ee48d1c19e96436c22a73a7eb.tar.bz2
kernel-common-a5cb013da773a67ee48d1c19e96436c22a73a7eb.zip
[PATCH] auditing ptrace
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r--kernel/auditsc.c29
1 files changed, 29 insertions, 0 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 628c7ac590a0..2243c559bc03 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -209,6 +209,9 @@ struct audit_context {
unsigned long personality;
int arch;
+ pid_t target_pid;
+ u32 target_sid;
+
#if AUDIT_DEBUG
int put_count;
int ino_count;
@@ -973,6 +976,23 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
audit_log_end(ab);
}
+ if (context->target_pid) {
+ ab =audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID);
+ if (ab) {
+ char *s = NULL, *t;
+ u32 len;
+ if (selinux_sid_to_string(context->target_sid,
+ &s, &len))
+ t = "(none)";
+ else
+ t = s;
+ audit_log_format(ab, "opid=%d obj=%s",
+ context->target_pid, t);
+ audit_log_end(ab);
+ kfree(s);
+ }
+ }
+
if (context->pwd && context->pwdmnt) {
ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD);
if (ab) {
@@ -1193,6 +1213,7 @@ void audit_syscall_exit(int valid, long return_code)
} else {
audit_free_names(context);
audit_free_aux(context);
+ context->target_pid = 0;
kfree(context->filterkey);
context->filterkey = NULL;
tsk->audit_context = context;
@@ -1880,6 +1901,14 @@ int audit_sockaddr(int len, void *a)
return 0;
}
+void __audit_ptrace(struct task_struct *t)
+{
+ struct audit_context *context = current->audit_context;
+
+ context->target_pid = t->pid;
+ selinux_get_task_sid(t, &context->target_sid);
+}
+
/**
* audit_avc_path - record the granting or denial of permissions
* @dentry: dentry to record