Re: [PATCH 1/3] kernel/audit: consolidate handling of mm->exe_file
On Wed, Feb 18, 2015 at 7:10 PM, Davidlohr Bueso <dbueso(a)suse.de> wrote:
From: Davidlohr Bueso <dave(a)stgolabs.net>
This patch adds a audit_log_d_path_exe() helper function
to share how we handle auditing of the exe_file's path.
Used by both audit and auditsc. No functionality is changed.
Cc: Paul Moore <paul(a)paul-moore.com>
Cc: Eric Paris <eparis(a)redhat.com>
Cc: linux-audit(a)redhat.com
Signed-off-by: Davidlohr Bueso <dbueso(a)suse.de>
---
Compile tested only.
kernel/audit.c | 9 +--------
kernel/audit.h | 14 ++++++++++++++
kernel/auditsc.c | 9 +--------
3 files changed, 16 insertions(+), 16 deletions(-)
I'd prefer if the audit_log_d_path_exe() helper wasn't a static inline.
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -257,6 +257,20 @@ extern struct list_head audit_filter_list[];
extern struct audit_entry *audit_dupe_rule(struct audit_krule *old);
+static inline void audit_log_d_path_exe(struct audit_buffer *ab,
+ struct mm_struct *mm)
+{
+ if (!mm) {
+ audit_log_format(ab, " exe=(null)");
+ return;
+ }
+
+ down_read(&mm->mmap_sem);
+ if (mm->exe_file)
+ audit_log_d_path(ab, " exe=",
&mm->exe_file->f_path);
+ up_read(&mm->mmap_sem);
+}
+
/* audit watch functions */
#ifdef CONFIG_AUDIT_WATCH
extern void audit_put_watch(struct audit_watch *watch);
--
paul moore
www.paul-moore.com