auditsc.c (e68b75a027bb94066576139ee33676264f867b87) auditsc.c (76aac0e9a17742e60d408be1a706e9aaad370891)
1/* auditsc.c -- System-call auditing support
2 * Handles all system-call specific auditing features.
3 *
4 * Copyright 2003-2004 Red Hat Inc., Durham, North Carolina.
5 * Copyright 2005 Hewlett-Packard Development Company, L.P.
6 * Copyright (C) 2005, 2006 IBM Corporation
7 * All Rights Reserved.
8 *

--- 2614 unchanged lines hidden (view full) ---

2623 *
2624 * If a process ends with a core dump, something fishy is going on and we
2625 * should record the event for investigation.
2626 */
2627void audit_core_dumps(long signr)
2628{
2629 struct audit_buffer *ab;
2630 u32 sid;
1/* auditsc.c -- System-call auditing support
2 * Handles all system-call specific auditing features.
3 *
4 * Copyright 2003-2004 Red Hat Inc., Durham, North Carolina.
5 * Copyright 2005 Hewlett-Packard Development Company, L.P.
6 * Copyright (C) 2005, 2006 IBM Corporation
7 * All Rights Reserved.
8 *

--- 2614 unchanged lines hidden (view full) ---

2623 *
2624 * If a process ends with a core dump, something fishy is going on and we
2625 * should record the event for investigation.
2626 */
2627void audit_core_dumps(long signr)
2628{
2629 struct audit_buffer *ab;
2630 u32 sid;
2631 uid_t auid = audit_get_loginuid(current);
2631 uid_t auid = audit_get_loginuid(current), uid;
2632 gid_t gid;
2632 unsigned int sessionid = audit_get_sessionid(current);
2633
2634 if (!audit_enabled)
2635 return;
2636
2637 if (signr == SIGQUIT) /* don't care for those */
2638 return;
2639
2640 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
2633 unsigned int sessionid = audit_get_sessionid(current);
2634
2635 if (!audit_enabled)
2636 return;
2637
2638 if (signr == SIGQUIT) /* don't care for those */
2639 return;
2640
2641 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
2642 current_uid_gid(&uid, &gid);
2641 audit_log_format(ab, "auid=%u uid=%u gid=%u ses=%u",
2643 audit_log_format(ab, "auid=%u uid=%u gid=%u ses=%u",
2642 auid, current->uid, current->gid, sessionid);
2644 auid, uid, gid, sessionid);
2643 security_task_getsecid(current, &sid);
2644 if (sid) {
2645 char *ctx = NULL;
2646 u32 len;
2647
2648 if (security_secid_to_secctx(sid, &ctx, &len))
2649 audit_log_format(ab, " ssid=%u", sid);
2650 else {
2651 audit_log_format(ab, " subj=%s", ctx);
2652 security_release_secctx(ctx, len);
2653 }
2654 }
2655 audit_log_format(ab, " pid=%d comm=", current->pid);
2656 audit_log_untrustedstring(ab, current->comm);
2657 audit_log_format(ab, " sig=%ld", signr);
2658 audit_log_end(ab);
2659}
2645 security_task_getsecid(current, &sid);
2646 if (sid) {
2647 char *ctx = NULL;
2648 u32 len;
2649
2650 if (security_secid_to_secctx(sid, &ctx, &len))
2651 audit_log_format(ab, " ssid=%u", sid);
2652 else {
2653 audit_log_format(ab, " subj=%s", ctx);
2654 security_release_secctx(ctx, len);
2655 }
2656 }
2657 audit_log_format(ab, " pid=%d comm=", current->pid);
2658 audit_log_untrustedstring(ab, current->comm);
2659 audit_log_format(ab, " sig=%ld", signr);
2660 audit_log_end(ab);
2661}
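Review bot: The result of `audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND)` is still used without a NULL check, and the newly added `current_uid_gid(&uid, &gid);` sits between that call and the first `audit_log_format`. The credential read and the later `security_task_getsecid`/`security_secid_to_secctx` lookup therefore run even when no buffer was obtained. Whether the audit_log_* helpers tolerate a NULL `ab` is not visible in this view; if they do, the cost is only wasted work, but an explicit `if (unlikely(!ab)) return;` directly after `audit_log_start` would make the failure path obvious. Since this record is meant to flag abnormal process termination for later investigation, a short comment such as `/* record is dropped if no audit buffer is available */` would also tell readers that a missing ANOM_ABEND event does not prove no core dump occurred.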