summaryrefslogtreecommitdiff
path: root/kernel/signal.c
diff options
context:
space:
mode:
authorAmy Griffis <amy.griffis@hp.com>2007-03-29 18:01:04 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2007-05-11 05:38:25 -0400
commite54dc2431d740a79a6bd013babade99d71b1714f (patch)
tree16b0990d5c16946239a17b332f54b5918fb03305 /kernel/signal.c
parent7f13da40e36c84d0d046b7adbd060af7d3717250 (diff)
downloadlwn-e54dc2431d740a79a6bd013babade99d71b1714f.tar.gz
lwn-e54dc2431d740a79a6bd013babade99d71b1714f.zip
[PATCH] audit signal recipients
When auditing syscalls that send signals, log the pid and security context for each target process. Optimize the data collection by adding a counter for signal-related rules, and avoiding allocating an aux struct unless we have more than one target process. For process groups, collect pid/context data in blocks of 16. Move the audit_signal_info() hook up in check_kill_permission() so we audit attempts where permission is denied. Signed-off-by: Amy Griffis <amy.griffis@hp.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel/signal.c')
-rw-r--r--kernel/signal.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/kernel/signal.c b/kernel/signal.c
index 2ac3a668d9dd..c43a3f19d477 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -497,6 +497,11 @@ static int check_kill_permission(int sig, struct siginfo *info,
int error = -EINVAL;
if (!valid_signal(sig))
return error;
+
+ error = audit_signal_info(sig, t); /* Let audit system see the signal */
+ if (error)
+ return error;
+
error = -EPERM;
if ((info == SEND_SIG_NOINFO || (!is_si_special(info) && SI_FROMUSER(info)))
&& ((sig != SIGCONT) ||
@@ -506,10 +511,7 @@ static int check_kill_permission(int sig, struct siginfo *info,
&& !capable(CAP_KILL))
return error;
- error = security_task_kill(t, info, sig, 0);
- if (!error)
- audit_signal_info(sig, t); /* Let audit system see the signal */
- return error;
+ return security_task_kill(t, info, sig, 0);
}
/* forward decl */