Commit 939cbf260c1abce6cad4b95ea4ba9f5132b660b3
Committed by
Al Viro
1 parent
44e51a1b78
Exists in
master
and in
7 other branches
Audit: send signal info if selinux is disabled
Audit will not respond to signal requests if selinux is disabled since it is unable to translate the 0 sid from the sending process to a context. This patch just doesn't send the context info if there isn't any. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Showing 1 changed file with 12 additions and 6 deletions Side-by-side Diff
kernel/audit.c
... | ... | @@ -855,18 +855,24 @@ |
855 | 855 | break; |
856 | 856 | } |
857 | 857 | case AUDIT_SIGNAL_INFO: |
858 | - err = security_secid_to_secctx(audit_sig_sid, &ctx, &len); | |
859 | - if (err) | |
860 | - return err; | |
858 | + len = 0; | |
859 | + if (audit_sig_sid) { | |
860 | + err = security_secid_to_secctx(audit_sig_sid, &ctx, &len); | |
861 | + if (err) | |
862 | + return err; | |
863 | + } | |
861 | 864 | sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); |
862 | 865 | if (!sig_data) { |
863 | - security_release_secctx(ctx, len); | |
866 | + if (audit_sig_sid) | |
867 | + security_release_secctx(ctx, len); | |
864 | 868 | return -ENOMEM; |
865 | 869 | } |
866 | 870 | sig_data->uid = audit_sig_uid; |
867 | 871 | sig_data->pid = audit_sig_pid; |
868 | - memcpy(sig_data->ctx, ctx, len); | |
869 | - security_release_secctx(ctx, len); | |
872 | + if (audit_sig_sid) { | |
873 | + memcpy(sig_data->ctx, ctx, len); | |
874 | + security_release_secctx(ctx, len); | |
875 | + } | |
870 | 876 | audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_SIGNAL_INFO, |
871 | 877 | 0, 0, sig_data, sizeof(*sig_data) + len); |
872 | 878 | kfree(sig_data); |