diff options
| author | Paul Moore <paul@paul-moore.com> | 2016-08-30 17:19:13 -0400 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2016-08-30 17:19:13 -0400 |
| commit | fa2bea2f5cca5b8d4a3e5520d2e8c0ede67ac108 (patch) | |
| tree | a7f49ec5a58e527f6a50cac7a628561688007629 /kernel/audit.c | |
| parent | 523d939ef98fd712632d93a5a2b588e477a7565e (diff) | |
| download | op-kernel-dev-fa2bea2f5cca5b8d4a3e5520d2e8c0ede67ac108.zip op-kernel-dev-fa2bea2f5cca5b8d4a3e5520d2e8c0ede67ac108.tar.gz | |
audit: consistently record PIDs with task_tgid_nr()
Unfortunately we record PIDs in audit records using a variety of
methods despite the correct way being the use of task_tgid_nr().
This patch converts all of these callers, except for the case of
AUDIT_SET in audit_receive_msg() (see the comment in the code).
Reported-by: Jeff Vander Stoep <jeffv@google.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/audit.c')
| -rw-r--r-- | kernel/audit.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 8d528f9..02bde12 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -877,6 +877,12 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) return err; } if (s.mask & AUDIT_STATUS_PID) { + /* NOTE: we are using task_tgid_vnr() below because + * the s.pid value is relative to the namespace + * of the caller; at present this doesn't matter + * much since you can really only run auditd + * from the initial pid namespace, but something + * to keep in mind if this changes */ int new_pid = s.pid; pid_t requesting_pid = task_tgid_vnr(current); @@ -1917,7 +1923,7 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) " euid=%u suid=%u fsuid=%u" " egid=%u sgid=%u fsgid=%u tty=%s ses=%u", task_ppid_nr(tsk), - task_pid_nr(tsk), + task_tgid_nr(tsk), from_kuid(&init_user_ns, audit_get_loginuid(tsk)), from_kuid(&init_user_ns, cred->uid), from_kgid(&init_user_ns, cred->gid), |
