[PATCH] fix broken timestamps in AVC generated by kernel threads
Timestamp in audit_context is valid only if ->in_syscall is set. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
@@ -435,7 +435,7 @@ static inline void audit_ptrace(struct task_struct *t)
|
|||||||
|
|
||||||
/* Private API (for audit.c only) */
|
/* Private API (for audit.c only) */
|
||||||
extern unsigned int audit_serial(void);
|
extern unsigned int audit_serial(void);
|
||||||
extern void auditsc_get_stamp(struct audit_context *ctx,
|
extern int auditsc_get_stamp(struct audit_context *ctx,
|
||||||
struct timespec *t, unsigned int *serial);
|
struct timespec *t, unsigned int *serial);
|
||||||
extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid);
|
extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid);
|
||||||
#define audit_get_loginuid(t) ((t)->loginuid)
|
#define audit_get_loginuid(t) ((t)->loginuid)
|
||||||
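Review bot: The new `int` result on the `auditsc_get_stamp` prototype is easy to ignore, and on the 0 path (shown in the last hunk) `*t` and `*serial` are never written, so a caller that drops the result would put uninitialised stack values into an audit record. The one caller visible on this page does check it, but annotating the declaration would let the compiler enforce that for any later caller: `extern int __must_check auditsc_get_stamp(struct audit_context *ctx,`.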
@@ -518,7 +518,7 @@ extern int audit_signals;
|
|||||||
#define audit_inode(n,d) do { ; } while (0)
|
#define audit_inode(n,d) do { ; } while (0)
|
||||||
#define audit_inode_child(d,i,p) do { ; } while (0)
|
#define audit_inode_child(d,i,p) do { ; } while (0)
|
||||||
#define audit_core_dumps(i) do { ; } while (0)
|
#define audit_core_dumps(i) do { ; } while (0)
|
||||||
#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
|
#define auditsc_get_stamp(c,t,s) (0)
|
||||||
#define audit_get_loginuid(t) (-1)
|
#define audit_get_loginuid(t) (-1)
|
||||||
#define audit_get_sessionid(t) (-1)
|
#define audit_get_sessionid(t) (-1)
|
||||||
#define audit_log_task_context(b) do { ; } while (0)
|
#define audit_log_task_context(b) do { ; } while (0)
|
||||||
|
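Review bot: The stub `#define auditsc_get_stamp(c,t,s) (0)` changes meaning from "must never be reached" (`BUG()`) to "no context stamp available", and nothing on the line records that. A one-line comment above it would state the contract, for example `/* stub: never supplies a stamp; caller falls back to its own time and serial */`. The macro also discards its arguments without type checking, but that matches the neighbouring stubs and is a style observation only.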
@@ -1121,9 +1121,7 @@ unsigned int audit_serial(void)
|
|||||||
static inline void audit_get_stamp(struct audit_context *ctx,
|
static inline void audit_get_stamp(struct audit_context *ctx,
|
||||||
struct timespec *t, unsigned int *serial)
|
struct timespec *t, unsigned int *serial)
|
||||||
{
|
{
|
||||||
if (ctx)
|
if (!ctx || !auditsc_get_stamp(ctx, t, serial)) {
|
||||||
auditsc_get_stamp(ctx, t, serial);
|
|
||||||
else {
|
|
||||||
*t = CURRENT_TIME;
|
*t = CURRENT_TIME;
|
||||||
*serial = audit_serial();
|
*serial = audit_serial();
|
||||||
}
|
}
|
||||||
|
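Review bot: The combined condition `if (!ctx || !auditsc_get_stamp(ctx, t, serial)) {` hides why the fallback exists. A comment above it such as `/* ctx->ctime is only valid inside a syscall; otherwise stamp the record now */` would keep the reasoning from the commit message next to the code. For anyone consuming these logs, every record that takes this branch gets its own `audit_serial()` value, so records emitted from a kernel thread will presumably not group under one event serial. The closing brace of `audit_get_stamp` is outside the hunk.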
@@ -1957,15 +1957,18 @@ EXPORT_SYMBOL_GPL(__audit_inode_child);
|
|||||||
*
|
*
|
||||||
* Also sets the context as auditable.
|
* Also sets the context as auditable.
|
||||||
*/
|
*/
|
||||||
void auditsc_get_stamp(struct audit_context *ctx,
|
int auditsc_get_stamp(struct audit_context *ctx,
|
||||||
struct timespec *t, unsigned int *serial)
|
struct timespec *t, unsigned int *serial)
|
||||||
{
|
{
|
||||||
|
if (!ctx->in_syscall)
|
||||||
|
return 0;
|
||||||
if (!ctx->serial)
|
if (!ctx->serial)
|
||||||
ctx->serial = audit_serial();
|
ctx->serial = audit_serial();
|
||||||
t->tv_sec = ctx->ctime.tv_sec;
|
t->tv_sec = ctx->ctime.tv_sec;
|
||||||
t->tv_nsec = ctx->ctime.tv_nsec;
|
t->tv_nsec = ctx->ctime.tv_nsec;
|
||||||
*serial = ctx->serial;
|
*serial = ctx->serial;
|
||||||
ctx->auditable = 1;
|
ctx->auditable = 1;
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* global counter which is incremented every time something logs in */
|
/* global counter which is incremented every time something logs in */
|
||||||
|
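Review bot: The kernel-doc above `auditsc_get_stamp` still describes a function with no result and should gain a return line such as ` * Returns 1 if the stamp was taken from @ctx, 0 if @ctx is not in a syscall (@t and @serial are then left unwritten).` The sentence "Also sets the context as auditable" now holds only on the 1 path, because the early `return 0` comes before `ctx->auditable = 1`, so it is worth qualifying. The comment block starts outside the hunk, so its existing parameter lines are not visible here.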