On Wed, Feb 14, 2018 at 11:18 AM, Richard Guy Briggs <rgb(a)redhat.com> wrote:
Audit link denied events generate duplicate PATH records which
disagree
in different ways from symlink and hardlink denials.
audit_log_link_denied() should not directly generate PATH records.
See:
https://github.com/linux-audit/audit-kernel/issues/21
Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
---
kernel/audit.c | 14 +-------------
1 file changed, 1 insertion(+), 13 deletions(-)
Merged, thanks.
diff --git a/kernel/audit.c b/kernel/audit.c
index 4c3fd24..683b249 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -2259,31 +2259,19 @@ void audit_log_task_info(struct audit_buffer *ab, struct
task_struct *tsk)
void audit_log_link_denied(const char *operation, const struct path *link)
{
struct audit_buffer *ab;
- struct audit_names *name;
if (!audit_enabled || audit_dummy_context())
return;
- name = kzalloc(sizeof(*name), GFP_NOFS);
- if (!name)
- return;
-
/* Generate AUDIT_ANOM_LINK with subject, operation, outcome. */
ab = audit_log_start(current->audit_context, GFP_KERNEL,
AUDIT_ANOM_LINK);
if (!ab)
- goto out;
+ return;
audit_log_format(ab, "op=%s", operation);
audit_log_task_info(ab, current);
audit_log_format(ab, " res=0");
audit_log_end(ab);
-
- /* Generate AUDIT_PATH record with object. */
- name->type = AUDIT_TYPE_NORMAL;
- audit_copy_inode(name, link->dentry, d_backing_inode(link->dentry));
- audit_log_name(current->audit_context, name, link, 0, NULL);
-out:
- kfree(name);
}
/**
--
1.8.3.1
--
paul moore
www.paul-moore.com