Patchwork [Precise] UBUNTU: SAUCE: SECCOMP: audit: always report seccomp violations

login
register
mail settings
Submitter Kees Cook
Date March 30, 2012, 8:19 p.m.
Message ID <20120330201908.GC8020@outflux.net>
Download mbox | patch
Permalink /patch/149746/
State New
Headers show

Comments

Kees Cook - March 30, 2012, 8:19 p.m.
Violations of seccomp filters should always be reported, regardless
of audit context. This the minimal change version of what has been
proposed upstream: https://lkml.org/lkml/2012/3/23/332

Signed-off-by: Kees Cook <kees@ubuntu.com>
---
 include/linux/audit.h |    3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)
Leann Ogasawara - March 30, 2012, 8:43 p.m.
Applied to Precise master-next.

Thanks,
Leann

On Fri, 2012-03-30 at 13:19 -0700, Kees Cook wrote:
> Violations of seccomp filters should always be reported, regardless
> of audit context. This the minimal change version of what has been
> proposed upstream: https://lkml.org/lkml/2012/3/23/332
> 
> Signed-off-by: Kees Cook <kees@ubuntu.com>
> ---
>  include/linux/audit.h |    3 +--
>  1 files changed, 1 insertions(+), 2 deletions(-)
> 
> diff --git a/include/linux/audit.h b/include/linux/audit.h
> index ab40f49..af4762b 100644
> --- a/include/linux/audit.h
> +++ b/include/linux/audit.h
> @@ -456,8 +456,7 @@ void audit_core_dumps(long signr);
>  
>  static inline void audit_seccomp(unsigned long syscall, long signr, int code)
>  {
> -	if (unlikely(!audit_dummy_context()))
> -		__audit_seccomp(syscall, signr, code);
> +	__audit_seccomp(syscall, signr, code);
>  }
>  
>  static inline void audit_ptrace(struct task_struct *t)
> -- 
> 1.7.0.4
> 
> 
> -- 
> Kees Cook
>

Patch

diff --git a/include/linux/audit.h b/include/linux/audit.h
index ab40f49..af4762b 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -456,8 +456,7 @@  void audit_core_dumps(long signr);
 
 static inline void audit_seccomp(unsigned long syscall, long signr, int code)
 {
-	if (unlikely(!audit_dummy_context()))
-		__audit_seccomp(syscall, signr, code);
+	__audit_seccomp(syscall, signr, code);
 }
 
 static inline void audit_ptrace(struct task_struct *t)