Commit cd77b8212d5473b800ac865364981d334ff564ea
1 parent
b7d1125817
Exists in
master
and in
7 other branches
Restore logging of pid= and comm= in AVC audit messages
We turned this all off because the 'exe=' was causing deadlocks on dcache_lock. There's no need to leave the pid and comm out though. They'll all be logged correctly if full auditing is enabled, but we should still print them in case auditing _isn't_ enabled. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Showing 1 changed file with 7 additions and 0 deletions Side-by-side Diff
security/selinux/avc.c
| ... | ... | @@ -532,6 +532,7 @@ |
| 532 | 532 | u16 tclass, u32 requested, |
| 533 | 533 | struct av_decision *avd, int result, struct avc_audit_data *a) |
| 534 | 534 | { |
| 535 | + struct task_struct *tsk = current; | |
| 535 | 536 | struct inode *inode = NULL; |
| 536 | 537 | u32 denied, audited; |
| 537 | 538 | struct audit_buffer *ab; |
| ... | ... | @@ -555,6 +556,12 @@ |
| 555 | 556 | audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted"); |
| 556 | 557 | avc_dump_av(ab, tclass,audited); |
| 557 | 558 | audit_log_format(ab, " for "); |
| 559 | + if (a && a->tsk) | |
| 560 | + tsk = a->tsk; | |
| 561 | + if (a->tsk && a->tsk->pid) { | |
| 562 | + audit_log_format(ab, " pid=%d comm=", tsk->pid); | |
| 563 | + audit_log_untrustedstring(ab, tsk->comm); | |
| 564 | + } | |
| 558 | 565 | if (a) { |
| 559 | 566 | switch (a->type) { |
| 560 | 567 | case AVC_AUDIT_DATA_IPC: |