audit: link denied should not directly generate PATH record
Audit link denied events generate duplicate PATH records which disagree in different ways from symlink and hardlink denials. audit_log_link_denied() should not directly generate PATH records. See: https://github.com/linux-audit/audit-kernel/issues/21 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Родитель
15564ff0a1
Коммит
45b578fe4c
|
@ -2313,31 +2313,19 @@ EXPORT_SYMBOL(audit_log_task_info);
|
||||||
void audit_log_link_denied(const char *operation, const struct path *link)
|
void audit_log_link_denied(const char *operation, const struct path *link)
|
||||||
{
|
{
|
||||||
struct audit_buffer *ab;
|
struct audit_buffer *ab;
|
||||||
struct audit_names *name;
|
|
||||||
|
|
||||||
if (!audit_enabled || audit_dummy_context())
|
if (!audit_enabled || audit_dummy_context())
|
||||||
return;
|
return;
|
||||||
|
|
||||||
name = kzalloc(sizeof(*name), GFP_NOFS);
|
|
||||||
if (!name)
|
|
||||||
return;
|
|
||||||
|
|
||||||
/* Generate AUDIT_ANOM_LINK with subject, operation, outcome. */
|
/* Generate AUDIT_ANOM_LINK with subject, operation, outcome. */
|
||||||
ab = audit_log_start(current->audit_context, GFP_KERNEL,
|
ab = audit_log_start(current->audit_context, GFP_KERNEL,
|
||||||
AUDIT_ANOM_LINK);
|
AUDIT_ANOM_LINK);
|
||||||
if (!ab)
|
if (!ab)
|
||||||
goto out;
|
return;
|
||||||
audit_log_format(ab, "op=%s", operation);
|
audit_log_format(ab, "op=%s", operation);
|
||||||
audit_log_task_info(ab, current);
|
audit_log_task_info(ab, current);
|
||||||
audit_log_format(ab, " res=0");
|
audit_log_format(ab, " res=0");
|
||||||
audit_log_end(ab);
|
audit_log_end(ab);
|
||||||
|
|
||||||
/* Generate AUDIT_PATH record with object. */
|
|
||||||
name->type = AUDIT_TYPE_NORMAL;
|
|
||||||
audit_copy_inode(name, link->dentry, d_backing_inode(link->dentry));
|
|
||||||
audit_log_name(current->audit_context, name, link, 0, NULL);
|
|
||||||
out:
|
|
||||||
kfree(name);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
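Review bot: The `link` parameter of audit_log_link_denied() is no longer read anywhere in the new body, because its only uses were the removed `audit_copy_inode()` and `audit_log_name()` calls. Either drop the parameter and update the callers, which are outside this hunk, or add a comment saying why it is kept. The function's header comment also starts above the hunk and may need the same update if it describes `link`. Since the AUDIT_ANOM_LINK record now carries only subject, operation and outcome, a comment such as `/* Object is reported by the syscall's own PATH records, not here. */` above the record-generation comment would tell log consumers where to find the denied path. That placement is inferred from the commit message, so it is worth confirming that the denied link still shows up in the event's PATH records for both symlink and hardlink denials.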