Re: [PATCH V4] audit: add tty field to LOGIN event

Thursday, 28 April 2016

On Wed, Apr 27, 2016 at 9:31 PM, Richard Guy Briggs <rgb(a)redhat.com&gt; wrote:
...
 On 16/04/22, Peter Hurley wrote:
> 2. The existing usage is always tsk==current

 My understanding is that when it is called via:

         copy_process()
                 audit_free()
                         __audit_free()
                                 audit_log_exit()
                                         audit_log_task_info()

 then tsk != current.  This appears to be the only case which appears to
 force lugging around tsk.  This is noted in that commit referenced
 above. 
In the case where copy_process() ends up calling __audit_free(), the
call to audit_log_exit() is conditional on the audit context
in_syscall field being true and unless I missed something, the copied
process' audit context should not have in_syscall set to true.

-- 
paul moore
www.paul-moore.com

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [PATCH V4] audit: add tty field to LOGIN event