seccomp: audit abnormal end to a process due to seccomp

The audit system likes to collect information about processes that end abnormally (SIGSEGV) as this may me useful intrusion detection information. This patch adds audit support to collect information when seccomp forces a task to exit because of misbehavior in a similar way. Signed-off-by: Eric Paris <eparis@redhat.com>
author: Eric Paris <eparis@redhat.com> 2012-01-03 14:23:05 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> 2012-01-17 16:16:55 -0500
commit: 85e7bac33b8d5edafc4e219c7dfdb3d48e0b4e31 (patch)
tree: 6a1f178de829d2219a65a8563e12f2c8029d4b13 /kernel/seccomp.c
parent: audit: check current inode and containing object when filtering on major and minor (diff)
download: linux-dev-85e7bac33b8d5edafc4e219c7dfdb3d48e0b4e31.tar.xz
linux-dev-85e7bac33b8d5edafc4e219c7dfdb3d48e0b4e31.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 57d4b13b631d..e8d76c5895ea 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -6,6 +6,7 @@
  * This defines a simple but solid secure-computing mode.
  */
 
+#include <linux/audit.h>
 #include <linux/seccomp.h>
 #include <linux/sched.h>
 #include <linux/compat.h>
@@ -54,6 +55,7 @@ void __secure_computing(int this_syscall)
 #ifdef SECCOMP_DEBUG
 	dump_stack();
 #endif
+	audit_seccomp(this_syscall);
 	do_exit(SIGKILL);
 }
author	Eric Paris <eparis@redhat.com>	2012-01-03 14:23:05 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	2012-01-17 16:16:55 -0500
commit	85e7bac33b8d5edafc4e219c7dfdb3d48e0b4e31 (patch)
tree	6a1f178de829d2219a65a8563e12f2c8029d4b13 /kernel/seccomp.c
parent	audit: check current inode and containing object when filtering on major and minor (diff)
download	linux-dev-85e7bac33b8d5edafc4e219c7dfdb3d48e0b4e31.tar.xz linux-dev-85e7bac33b8d5edafc4e219c7dfdb3d48e0b4e31.zip