Add audit container identifier auxiliary record to user event standalone
records.
Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
Acked-by: Neil Horman <nhorman(a)tuxdriver.com>
Reviewed-by: Ondrej Mosnacek <omosnace(a)redhat.com>
---
kernel/audit.c | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 54dd2cb69402..997c34178ee8 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1212,12 +1212,6 @@ static void audit_log_common_recv_msg(struct audit_context
*context,
audit_log_task_context(*ab);
}
-static inline void audit_log_user_recv_msg(struct audit_buffer **ab,
- u16 msg_type)
-{
- audit_log_common_recv_msg(NULL, ab, msg_type);
-}
-
int is_audit_feature_set(int i)
{
return af.features & AUDIT_FEATURE_TO_MASK(i);
@@ -1486,6 +1480,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr
*nlh)
err = audit_filter(msg_type, AUDIT_FILTER_USER);
if (err == 1) { /* match or error */
char *str = data;
+ struct audit_context *context;
+ struct audit_contobj *cont;
err = 0;
if (msg_type == AUDIT_USER_TTY) {
@@ -1493,7 +1489,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr
*nlh)
if (err)
break;
}
- audit_log_user_recv_msg(&ab, msg_type);
+ context = audit_alloc_local(GFP_KERNEL);
+ audit_log_common_recv_msg(context, &ab, msg_type);
if (msg_type != AUDIT_USER_TTY) {
/* ensure NULL termination */
str[data_len - 1] = '\0';
@@ -1507,6 +1504,14 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr
*nlh)
audit_log_n_untrustedstring(ab, str, data_len);
}
audit_log_end(ab);
+ rcu_read_lock();
+ cont = _audit_contobj_get(current);
+ rcu_read_unlock();
+ audit_log_container_id(context, cont);
+ rcu_read_lock();
+ _audit_contobj_put(cont);
+ rcu_read_unlock();
+ audit_free_context(context);
}
break;
case AUDIT_ADD_RULE:
--
1.8.3.1