diff options
| author |   Amy Griffis <amy.griffis@hp.com> | 2006-07-13 13:16:39 -0400 |
|---|---|---|
| committer |   Al Viro <viro@zeniv.linux.org.uk> | 2006-08-03 10:50:30 -0400 |
| commit | 73d3ec5abad3f1730ac8530899d2c14d92f3ad63 (patch) | |
| tree | c2829a1e36ca155eecc7d4b8648fe9755247bec5 /kernel | |
| parent | [PATCH] fix faulty inode data collection for open() with O_CREAT (diff) | |
| download | linux-dev-73d3ec5abad3f1730ac8530899d2c14d92f3ad63.tar.xz linux-dev-73d3ec5abad3f1730ac8530899d2c14d92f3ad63.zip | |
[PATCH] fix missed create event for directory audit
When an object is created via a symlink into an audited directory, audit misses
the event due to not having collected the inode data for the directory. Modify
__audit_inode_child() to copy the parent inode data if a parent wasn't found in
audit_names[].
Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/auditsc.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b939ed2da3ee..b1356fc63b26 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1251,7 +1251,7 @@ void __audit_inode(const char *name, const struct inode *inode) * audit_inode_child - collect inode info for created/removed objects * @dname: inode's dentry name * @inode: inode being audited - * @pino: inode number of dentry parent + * @parent: inode of dentry parent * * For syscalls that create or remove filesystem objects, audit_inode * can only collect information for the filesystem object's parent. @@ -1262,7 +1262,7 @@ void __audit_inode(const char *name, const struct inode *inode) * unsuccessful attempts. */ void __audit_inode_child(const char *dname, const struct inode *inode, - unsigned long pino) + const struct inode *parent) { int idx; struct audit_context *context = current->audit_context; @@ -1276,7 +1276,7 @@ void __audit_inode_child(const char *dname, const struct inode *inode, if (!dname) goto update_context; for (idx = 0; idx < context->name_count; idx++) - if (context->names[idx].ino == pino) { + if (context->names[idx].ino == parent->i_ino) { const char *name = context->names[idx].name; if (!name) @@ -1304,6 +1304,16 @@ update_context: context->names[idx].ino = (unsigned long)-1; else audit_copy_inode(&context->names[idx], inode); + + /* A parent was not found in audit_names, so copy the inode data for the + * provided parent. */ + if (!found_name) { + idx = context->name_count++; +#if AUDIT_DEBUG + context->ino_count++; +#endif + audit_copy_inode(&context->names[idx], parent); + } } /** |