diff options
author | Eric Paris <eparis@redhat.com> | 2011-04-25 13:10:27 -0400 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2011-04-25 18:14:07 -0400 |
commit | a269434d2fb48a4d66c1d7bf821b7874b59c5b41 (patch) | |
tree | 9c84b5f3e9f3adb3dd4a7e9da2b72dd7fe7eec49 /security/lsm_audit.c | |
parent | f48b7399840b453e7282b523f535561fe9638a2d (diff) | |
download | lwn-a269434d2fb48a4d66c1d7bf821b7874b59c5b41.tar.gz lwn-a269434d2fb48a4d66c1d7bf821b7874b59c5b41.zip |
LSM: separate LSM_AUDIT_DATA_DENTRY from LSM_AUDIT_DATA_PATH
This patch separates and audit message that only contains a dentry from
one that contains a full path. This allows us to make it harder to
misuse the interfaces or for the interfaces to be implemented wrong.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/lsm_audit.c')
-rw-r--r-- | security/lsm_audit.c | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/security/lsm_audit.c b/security/lsm_audit.c index 2e846052cbf4..893af8a2fa1e 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c @@ -229,17 +229,24 @@ static void dump_common_audit_data(struct audit_buffer *ab, audit_log_format(ab, " capability=%d ", a->u.cap); break; case LSM_AUDIT_DATA_PATH: { - struct dentry *dentry = a->u.path.dentry; struct inode *inode; - if (a->u.path.mnt) { - audit_log_d_path(ab, "path=", &a->u.path); - } else { - audit_log_format(ab, " name="); - audit_log_untrustedstring(ab, - dentry->d_name.name); - } - inode = dentry->d_inode; + audit_log_d_path(ab, "path=", &a->u.path); + + inode = a->u.path.dentry->d_inode; + if (inode) + audit_log_format(ab, " dev=%s ino=%lu", + inode->i_sb->s_id, + inode->i_ino); + break; + } + case LSM_AUDIT_DATA_DENTRY: { + struct inode *inode; + + audit_log_format(ab, " name="); + audit_log_untrustedstring(ab, a->u.dentry->d_name.name); + + inode = a->u.dentry->d_inode; if (inode) audit_log_format(ab, " dev=%s ino=%lu", inode->i_sb->s_id, |