diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2010-10-30 02:54:44 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2010-10-30 08:45:43 -0400 |
commit | 120a795da07c9a02221ca23464c28a7c6ad7de1d (patch) | |
tree | 14e0f5ab35e9397f4a1b2f5e24b8394a601aa409 /kernel | |
parent | af2951325bd6c26cb2c91943c7b11aed53504056 (diff) | |
download | kernel_goldelico_gta04-120a795da07c9a02221ca23464c28a7c6ad7de1d.zip kernel_goldelico_gta04-120a795da07c9a02221ca23464c28a7c6ad7de1d.tar.gz kernel_goldelico_gta04-120a795da07c9a02221ca23464c28a7c6ad7de1d.tar.bz2 |
audit mmap
Normal syscall audit doesn't catch 5th argument of syscall. It also
doesn't catch the contents of userland structures pointed to be
syscall argument, so for both old and new mmap(2) ABI it doesn't
record the descriptor we are mapping. For old one it also misses
flags.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/auditsc.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 1b31c13..f49a031 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -241,6 +241,10 @@ struct audit_context { pid_t pid; struct audit_cap_data cap; } capset; + struct { + int fd; + int flags; + } mmap; }; int fds[2]; @@ -1305,6 +1309,10 @@ static void show_special(struct audit_context *context, int *call_panic) audit_log_cap(ab, "cap_pp", &context->capset.cap.permitted); audit_log_cap(ab, "cap_pe", &context->capset.cap.effective); break; } + case AUDIT_MMAP: { + audit_log_format(ab, "fd=%d flags=0x%x", context->mmap.fd, + context->mmap.flags); + break; } } audit_log_end(ab); } @@ -2476,6 +2484,14 @@ void __audit_log_capset(pid_t pid, context->type = AUDIT_CAPSET; } +void __audit_mmap_fd(int fd, int flags) +{ + struct audit_context *context = current->audit_context; + context->mmap.fd = fd; + context->mmap.flags = flags; + context->type = AUDIT_MMAP; +} + /** * audit_core_dumps - record information about processes that end abnormally * @signr: signal value |