Generate audit records for SECCOMP_RET_ERRNO actions, which were
previously not audited.
Additionally, include the errno value that will be set in the audit
message.
Signed-off-by: Tyler Hicks <tyhicks(a)canonical.com>
---
include/linux/audit.h | 19 ++++++++++++++++++-
kernel/auditsc.c | 3 +++
kernel/seccomp.c | 4 +++-
3 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 8c588c3..6815812 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -87,7 +87,10 @@ struct audit_field {
struct audit_seccomp_info {
int code;
- long signr;
+ union {
+ int errno;
+ long signr;
+ };
};
extern int is_audit_feature_set(int which);
@@ -319,6 +322,20 @@ static inline void audit_inode_child(struct inode *parent,
}
void audit_core_dumps(long signr);
+static inline void audit_seccomp_errno(unsigned long syscall, int errno,
+ int code)
+{
+ if (!audit_enabled)
+ return;
+
+ if (errno || unlikely(!audit_dummy_context())) {
+ struct audit_seccomp_info info = { .code = code,
+ .errno = errno };
+
+ __audit_seccomp(syscall, &info);
+ }
+}
+
static inline void audit_seccomp_signal(unsigned long syscall, long signr,
int code)
{
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index b3472f2..db5fc9d 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2426,6 +2426,9 @@ void __audit_seccomp(unsigned long syscall, struct
audit_seccomp_info *info)
audit_log_task(ab);
switch (info->code) {
+ case SECCOMP_RET_ERRNO:
+ audit_log_format(ab, " errno=%d", info->errno);
+ break;
case SECCOMP_RET_KILL:
audit_log_format(ab, " sig=%ld", info->signr);
break;
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 54c01b6..e99c566 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -576,9 +576,11 @@ static int __seccomp_filter(int this_syscall, const struct
seccomp_data *sd,
/* Set low-order bits as an errno, capped at MAX_ERRNO. */
if (data > MAX_ERRNO)
data = MAX_ERRNO;
+
+ audit_seccomp_errno(this_syscall, data, action);
syscall_set_return_value(current, task_pt_regs(current),
-data, 0);
- goto skip;
+ return -1;
case SECCOMP_RET_TRAP:
/* Show the handler the original registers. */
--
2.7.4