diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2007-02-07 01:48:00 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2007-02-17 21:30:15 -0500 |
commit | db3495099d3d52854b13874905af6e40a91f4721 (patch) | |
tree | 5a832081d70dd9dabda3498baf40b7d6ced47f24 /kernel | |
parent | 6a01b07fae482f9b34491b317056c89d3b96ca2e (diff) | |
download | kernel-crypto-db3495099d3d52854b13874905af6e40a91f4721.tar.gz kernel-crypto-db3495099d3d52854b13874905af6e40a91f4721.tar.xz kernel-crypto-db3495099d3d52854b13874905af6e40a91f4721.zip |
[PATCH] AUDIT_FD_PAIR
Provide an audit record of the descriptor pair returned by pipe() and
socketpair(). Rewritten from the original posted to linux-audit by
John D. Ramsdell <ramsdell@mitre.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/auditsc.c | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 298897559ca..359955800dd 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -170,6 +170,11 @@ struct audit_aux_data_sockaddr { char a[0]; }; +struct audit_aux_data_fd_pair { + struct audit_aux_data d; + int fd[2]; +}; + struct audit_aux_data_path { struct audit_aux_data d; struct dentry *dentry; @@ -961,6 +966,11 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts audit_log_d_path(ab, "path=", axi->dentry, axi->mnt); break; } + case AUDIT_FD_PAIR: { + struct audit_aux_data_fd_pair *axs = (void *)aux; + audit_log_format(ab, "fd0=%d fd1=%d", axs->fd[0], axs->fd[1]); + break; } + } audit_log_end(ab); } @@ -1815,6 +1825,36 @@ int audit_socketcall(int nargs, unsigned long *args) } /** + * __audit_fd_pair - record audit data for pipe and socketpair + * @fd1: the first file descriptor + * @fd2: the second file descriptor + * + * Returns 0 for success or NULL context or < 0 on error. + */ +int __audit_fd_pair(int fd1, int fd2) +{ + struct audit_context *context = current->audit_context; + struct audit_aux_data_fd_pair *ax; + + if (likely(!context)) { + return 0; + } + + ax = kmalloc(sizeof(*ax), GFP_KERNEL); + if (!ax) { + return -ENOMEM; + } + + ax->fd[0] = fd1; + ax->fd[1] = fd2; + + ax->d.type = AUDIT_FD_PAIR; + ax->d.next = context->aux; + context->aux = (void *)ax; + return 0; +} + +/** * audit_sockaddr - record audit data for sys_bind, sys_connect, sys_sendto * @len: data length in user space * @a: data address in kernel space |