From patchwork Mon Nov 19 18:52:19 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [2/2] seccomp: forcing auditing of kill condition Date: Mon, 19 Nov 2012 08:52:19 -0000 From: Tim Gardner X-Patchwork-Id: 200131 Message-Id: <1353351139-26868-2-git-send-email-tim.gardner@canonical.com> To: kernel-team@lists.ubuntu.com From: Kees Cook BugLink: http://bugs.launchpad.net/bugs/1079469 Instead of auditing all seccomp actions, only force the reporting of those that kill a process. All others should be checked for an existing audit context on the process. (This improves the adjustment that commit 426ae7eee59e3de2a4c14ccfc30df0a7d64709fe was attempting.) Signed-off-by: Kees Cook Acked-by: Herton Krzesinski Signed-off-by: Tim Gardner --- kernel/seccomp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/seccomp.c b/kernel/seccomp.c index ee376be..9002cfa 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -443,7 +443,7 @@ int __secure_computing(int this_syscall) #ifdef SECCOMP_DEBUG dump_stack(); #endif - audit_seccomp(this_syscall, exit_sig, ret); + __audit_seccomp(this_syscall, exit_sig, ret); do_exit(exit_sig); #ifdef CONFIG_SECCOMP_FILTER skip:
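Review bot: the hunk only swaps `audit_seccomp(this_syscall, exit_sig, ret)` for `__audit_seccomp(this_syscall, exit_sig, ret)` on the kill path immediately before `do_exit(exit_sig)`, so the forced record is emitted before the task exits, but the second half of the commit message ("All others should be checked for an existing audit context on the process") is not reflected anywhere in this one-insertion, one-deletion diff; if the non-kill actions already reach the `audit_seccomp` wrapper unchanged, the message should say so, otherwise a hunk is missing. Because the call now bypasses the wrapper, also confirm that `__audit_seccomp` is declared and has a no-op definition in every configuration in which `audit_seccomp` compiled (in particular with audit syscall support disabled), so a seccomp-enabled build without it does not fail to build or link.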