[PATCH v1] audit,module: restore audit logging in load failure case
by Richard Guy Briggs
The move of the module sanity check to earlier skipped the audit logging
call in the case of failure and to a place where the previously used
context is unavailable.
Add an audit logging call for the module loading failure case and get
the module name when possible.
Link: https://issues.redhat.com/browse/RHEL-52839
Fixes: 02da2cbab452 ("module: move check_modinfo() early to early_mod_check()")
Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
---
kernel/module/main.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/kernel/module/main.c b/kernel/module/main.c
index 49b9bca9de12..1f482532ef66 100644
--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -3057,8 +3057,10 @@ static int load_module(struct load_info *info, const char __user *uargs,
* failures once the proper module was allocated and
* before that.
*/
- if (!module_allocated)
+ if (!module_allocated) {
+ audit_log_kern_module(info->name ? info->name : "(unavailable)");
mod_stat_bump_becoming(info, flags);
+ }
free_copy(info, flags);
return err;
}
--
2.43.5
1 day, 6 hours
- 4
- 7
[PATCH v1 0/2] override audit silence norule for fs cases
by Richard Guy Briggs
The audit subsystem normally suppresses output when there are no rules
present to avoid overwhelming the user with unwanted messages. It could
be argued that another security subsystem would generally want to
override that default. Allow them through for fsnotify and filesystem
security violations.
Richard Guy Briggs (2):
audit: record fanotify event regardless of presence of rules
audit: record AUDIT_ANOM_* events regardless of presence of rules
include/linux/audit.h | 8 +-------
kernel/audit.c | 2 +-
kernel/auditsc.c | 2 +-
3 files changed, 3 insertions(+), 9 deletions(-)
--
2.43.5
1 day, 7 hours
- 2
- 6
- ← Newer
- 1
- Older →