aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2010-10-30 02:54:44 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2010-10-30 08:45:43 -0400
commit120a795da07c9a02221ca23464c28a7c6ad7de1d (patch)
tree14e0f5ab35e9397f4a1b2f5e24b8394a601aa409 /kernel
parentaf2951325bd6c26cb2c91943c7b11aed53504056 (diff)
downloadkernel_goldelico_gta04-120a795da07c9a02221ca23464c28a7c6ad7de1d.zip
kernel_goldelico_gta04-120a795da07c9a02221ca23464c28a7c6ad7de1d.tar.gz
kernel_goldelico_gta04-120a795da07c9a02221ca23464c28a7c6ad7de1d.tar.bz2
audit mmap
Normal syscall audit doesn't catch 5th argument of syscall. It also doesn't catch the contents of userland structures pointed to be syscall argument, so for both old and new mmap(2) ABI it doesn't record the descriptor we are mapping. For old one it also misses flags. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/auditsc.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 1b31c13..f49a031 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -241,6 +241,10 @@ struct audit_context {
pid_t pid;
struct audit_cap_data cap;
} capset;
+ struct {
+ int fd;
+ int flags;
+ } mmap;
};
int fds[2];
@@ -1305,6 +1309,10 @@ static void show_special(struct audit_context *context, int *call_panic)
audit_log_cap(ab, "cap_pp", &context->capset.cap.permitted);
audit_log_cap(ab, "cap_pe", &context->capset.cap.effective);
break; }
+ case AUDIT_MMAP: {
+ audit_log_format(ab, "fd=%d flags=0x%x", context->mmap.fd,
+ context->mmap.flags);
+ break; }
}
audit_log_end(ab);
}
@@ -2476,6 +2484,14 @@ void __audit_log_capset(pid_t pid,
context->type = AUDIT_CAPSET;
}
+void __audit_mmap_fd(int fd, int flags)
+{
+ struct audit_context *context = current->audit_context;
+ context->mmap.fd = fd;
+ context->mmap.flags = flags;
+ context->type = AUDIT_MMAP;
+}
+
/**
* audit_core_dumps - record information about processes that end abnormally
* @signr: signal value