diff options
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/auditsc.c | 14 | ||||
-rw-r--r-- | kernel/seccomp.c | 17 |
2 files changed, 20 insertions, 11 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 46ef2c23618d..0d4e7ab847b1 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2466,7 +2466,19 @@ void audit_core_dumps(long signr) audit_log_end(ab); } -void __audit_seccomp(unsigned long syscall, long signr, int code) +/** + * audit_seccomp - record information about a seccomp action + * @syscall: syscall number + * @signr: signal value + * @code: the seccomp action + * + * Record the information associated with a seccomp action. Event filtering for + * seccomp actions that are not to be logged is done in seccomp_log(). + * Therefore, this function forces auditing independent of the audit_enabled + * and dummy context state because seccomp actions should be logged even when + * audit is not in use. + */ +void audit_seccomp(unsigned long syscall, long signr, int code) { struct audit_buffer *ab; diff --git a/kernel/seccomp.c b/kernel/seccomp.c index f5630d1a88fe..5386749cdd21 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -584,18 +584,15 @@ static inline void seccomp_log(unsigned long syscall, long signr, u32 action, } /* - * Force an audit message to be emitted when the action is RET_KILL_*, - * RET_LOG, or the FILTER_FLAG_LOG bit was set and the action is - * allowed to be logged by the admin. + * Emit an audit message when the action is RET_KILL_*, RET_LOG, or the + * FILTER_FLAG_LOG bit was set. The admin has the ability to silence + * any action from being logged by removing the action name from the + * seccomp_actions_logged sysctl. */ - if (log) - return __audit_seccomp(syscall, signr, action); + if (!log) + return; - /* - * Let the audit subsystem decide if the action should be audited based - * on whether the current task itself is being audited. - */ - return audit_seccomp(syscall, signr, action); + audit_seccomp(syscall, signr, action); } /* |