Patchwork [2/2] seccomp: forcing auditing of kill condition

Submitter Tim Gardner
Date Nov. 19, 2012, 6:52 p.m.
Message ID <1353351139-26868-2-git-send-email-tim.gardner@canonical.com>
Permalink /patch/200131/
State New

Comments

Tim Gardner - Nov. 19, 2012, 6:52 p.m.
From: Kees Cook <kees@ubuntu.com>

BugLink: http://bugs.launchpad.net/bugs/1079469

Instead of auditing all seccomp actions, only force the reporting of
those that kill a process. All others should be checked for an existing
audit context on the process. (This improves the adjustment that
commit 426ae7eee59e3de2a4c14ccfc30df0a7d64709fe was attempting.)

Signed-off-by: Kees Cook <kees@ubuntu.com>
Acked-by: Herton Krzesinski <herton.krzesinski@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
---
 kernel/seccomp.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index ee376be..9002cfa 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -443,7 +443,7 @@  int __secure_computing(int this_syscall)
 #ifdef SECCOMP_DEBUG
 	dump_stack();
 #endif
-	audit_seccomp(this_syscall, exit_sig, ret);
+	__audit_seccomp(this_syscall, exit_sig, ret);
 	do_exit(exit_sig);
 #ifdef CONFIG_SECCOMP_FILTER
 skip:
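
Review bot: the direct `__audit_seccomp(this_syscall, exit_sig, ret);` call in the kill path, just before `do_exit(exit_sig)`, bypasses whatever check the `audit_seccomp()` wrapper performs, and nothing at the call site says that this is deliberate. A one-line comment there, stating that kill events are reported regardless of the task's audit context, would keep a later cleanup from switching the call back to the wrapper. The commit message also says all other actions should be checked for an existing audit context, but no line in this hunk does that, so the message should say where that check lives (the wrapper itself, or patch 1/2). Please also confirm that `__audit_seccomp` is declared or stubbed in builds without audit syscall support, since this hunk calls it unconditionally.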