On Fri, 2007-02-23 at 17:51 -0500, Amy Griffis wrote:
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 3749193..b90d121 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1171,7 +1171,7 @@ static inline int audit_add_rule(struct audit_entry *entry,
struct nameidata *ndp, *ndw;
int h, err, putnd_needed = 0;
#ifdef CONFIG_AUDITSYSCALL
- int dont_count = 0;
+ int i, dont_count = 0;
/* If either of these, don't count towards total */
if (entry->rule.listnr == AUDIT_FILTER_USER ||
@@ -1221,6 +1221,11 @@ static inline int audit_add_rule(struct audit_entry *entry,
#ifdef CONFIG_AUDITSYSCALL
if (!dont_count)
audit_n_rules++;
+
+ for (i = 0; i < AUDIT_BITMASK_SIZE; i++)
+ if ((entry->rule.mask[i] & classes[AUDIT_CLASS_SIGNAL][i]) ||
+ (entry->rule.mask[i] & classes[AUDIT_CLASS_SIGNAL_32][i]))
+ audit_signals++;
#endif
mutex_unlock(&audit_filter_mutex);
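Review bot: The added loop bumps `audit_signals` once for every mask word that overlaps a signal class and never stops at the first match, so a single rule can add more than one to the counter; if the counter is meant to be the number of rules that cover signal syscalls, the loop body should be `{ audit_signals++; break; }`. The matching loop in the audit_del_rule hunk has the same shape and needs `{ audit_signals--; break; }`, otherwise add and delete stay balanced only while the class bitmaps are unchanged between the two calls. The update also sits outside the `if (!dont_count)` guard, so rules on the lists excluded from `audit_n_rules` still count here; a one-line comment saying whether that is intended would help. Both loops are identical apart from the sign, so a small static helper that reports whether a rule's mask matches the signal classes would keep the two paths in step. audit_add_rule's body starts and ends outside the hunk.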
@@ -1247,7 +1252,7 @@ static inline int audit_del_rule(struct audit_entry *entry,
LIST_HEAD(inotify_list);
int h, ret = 0;
#ifdef CONFIG_AUDITSYSCALL
- int dont_count = 0;
+ int i, dont_count = 0;
/* If either of these, don't count towards total */
if (entry->rule.listnr == AUDIT_FILTER_USER ||
@@ -1294,6 +1299,11 @@ static inline int audit_del_rule(struct audit_entry *entry,
#ifdef CONFIG_AUDITSYSCALL
if (!dont_count)
audit_n_rules--;
+
+ for (i = 0; i < AUDIT_BITMASK_SIZE; i++)
+ if ((entry->rule.mask[i] & classes[AUDIT_CLASS_SIGNAL][i]) ||
+ (entry->rule.mask[i] & classes[AUDIT_CLASS_SIGNAL_32][i]))
+ audit_signals--;
#endif
mutex_unlock(&audit_filter_mutex);
Since AUDIT_CLASS_SIGNAL_32 is not defined on i686 (see patch 1/2, the
patch to lib/audit.c, which i686 uses), the second part of this "or"
condition is referencing way beyond the end of the classes array. I'm
investigating the right way to decide what we should be comparing
against across all arches, but maybe you will find it first.
-Eric