diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2007-06-07 11:13:31 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2007-07-22 09:57:02 -0400 |
commit | 4259fa01a2d2aa3e589b34ba7624080232d9c1ff (patch) | |
tree | 3aa83d784c4db22f3b62e4d963757497555c5e5c /security | |
parent | 74f2345b6be1410f824cb7dd638d2c10a9709379 (diff) | |
download | lwn-4259fa01a2d2aa3e589b34ba7624080232d9c1ff.tar.gz lwn-4259fa01a2d2aa3e589b34ba7624080232d9c1ff.zip |
[PATCH] get rid of AVC_PATH postponed treatment
Selinux folks had been complaining about the lack of AVC_PATH
records when audit is disabled. I must admit my stupidity - I assumed
that avc_audit() really couldn't use audit_log_d_path() because of
deadlocks (== could be called with dcache_lock or vfsmount_lock held).
Shouldn't have made that assumption - it never gets called that way.
It _is_ called under spinlocks, but not those.
Since audit_log_d_path() uses ab->gfp_mask for allocations,
kmalloc() in there is not a problem. IOW, the simple fix is sufficient:
let's rip AUDIT_AVC_PATH out and simply generate pathname as part of main
record. It's trivial to do.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/avc.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index ecd067384531..0e69adf63bdb 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -570,10 +570,12 @@ void avc_audit(u32 ssid, u32 tsid, case AVC_AUDIT_DATA_FS: if (a->u.fs.dentry) { struct dentry *dentry = a->u.fs.dentry; - if (a->u.fs.mnt) - audit_avc_path(dentry, a->u.fs.mnt); - audit_log_format(ab, " name="); - audit_log_untrustedstring(ab, dentry->d_name.name); + if (a->u.fs.mnt) { + audit_log_d_path(ab, "path=", dentry, a->u.fs.mnt); + } else { + audit_log_format(ab, " name="); + audit_log_untrustedstring(ab, dentry->d_name.name); + } inode = dentry->d_inode; } else if (a->u.fs.inode) { struct dentry *dentry; @@ -624,9 +626,8 @@ void avc_audit(u32 ssid, u32 tsid, case AF_UNIX: u = unix_sk(sk); if (u->dentry) { - audit_avc_path(u->dentry, u->mnt); - audit_log_format(ab, " name="); - audit_log_untrustedstring(ab, u->dentry->d_name.name); + audit_log_d_path(ab, "path=", + u->dentry, u->mnt); break; } if (!u->addr) |