diff options
author | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-06-20 16:07:33 +0100 |
---|---|---|
committer | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-06-20 16:07:33 +0100 |
commit | f7056d64ae101d910f965a2e39831f635ef7891b (patch) | |
tree | 854070383dca5ba3e865c663485a5d97adbbcf54 /kernel | |
parent | d6e0e1585a1a9a15e48ec47206a809828afe4450 (diff) | |
download | op-kernel-dev-f7056d64ae101d910f965a2e39831f635ef7891b.zip op-kernel-dev-f7056d64ae101d910f965a2e39831f635ef7891b.tar.gz |
AUDIT: Really exempt auditd from having its actions audited.
We were only avoiding it on syscall exit before; now stop _everything_.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/auditsc.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 6b4fbb1..48a3957 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -477,6 +477,9 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, int word = AUDIT_WORD(ctx->major); int bit = AUDIT_BIT(ctx->major); + if (audit_pid && ctx->pid == audit_pid) + return AUDIT_DISABLED; + rcu_read_lock(); list_for_each_entry_rcu(e, list, list) { if ((e->rule.mask[word] & bit) == bit @@ -494,6 +497,9 @@ int audit_filter_user(struct task_struct *tsk, int type) struct audit_entry *e; enum audit_state state; + if (audit_pid && tsk->pid == audit_pid) + return AUDIT_DISABLED; + rcu_read_lock(); list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) { if (audit_filter_rules(tsk, &e->rule, NULL, &state)) { @@ -816,7 +822,7 @@ void audit_free(struct task_struct *tsk) /* Check for system calls that do not go through the exit * function (e.g., exit_group), then free context block. */ - if (context->in_syscall && context->auditable && context->pid != audit_pid) + if (context->in_syscall && context->auditable) audit_log_exit(context); audit_free_context(context); @@ -921,7 +927,7 @@ void audit_syscall_exit(struct task_struct *tsk, int valid, long return_code) if (likely(!context)) return; - if (context->in_syscall && context->auditable && context->pid != audit_pid) + if (context->in_syscall && context->auditable) audit_log_exit(context); context->in_syscall = 0; |