Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
[PATCH] return records for fork() both to child and parent
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+2
include/linux/audit.h
+2
include/linux/audit.h
···
391
391
#ifdef CONFIG_AUDITSYSCALL
392
392
/* These are defined in auditsc.c */
393
393
/* Public API */
394
+
extern void audit_finish_fork(struct task_struct *child);
394
395
extern int audit_alloc(struct task_struct *task);
395
396
extern void audit_free(struct task_struct *task);
396
397
extern void audit_syscall_entry(int arch,
···
505
504
extern int audit_n_rules;
506
505
extern int audit_signals;
507
506
#else
507
+
#define audit_finish_fork(t)
508
508
#define audit_alloc(t) ({ 0; })
509
509
#define audit_free(t) do { ; } while (0)
510
510
#define audit_syscall_entry(ta,a,b,c,d,e) do { ; } while (0)
+17
kernel/auditsc.c
+17
kernel/auditsc.c
···
1548
1548
context->ppid = 0;
1549
1549
}
1550
1550
1551
+
void audit_finish_fork(struct task_struct *child)
1552
+
{
1553
+
struct audit_context *ctx = current->audit_context;
1554
+
struct audit_context *p = child->audit_context;
1555
+
if (!p || !ctx || !ctx->auditable)
1556
+
return;
1557
+
p->arch = ctx->arch;
1558
+
p->major = ctx->major;
1559
+
memcpy(p->argv, ctx->argv, sizeof(ctx->argv));
1560
+
p->ctime = ctx->ctime;
1561
+
p->dummy = ctx->dummy;
1562
+
p->auditable = ctx->auditable;
1563
+
p->in_syscall = ctx->in_syscall;
1564
+
p->filterkey = kstrdup(ctx->filterkey, GFP_KERNEL);
1565
+
p->ppid = current->pid;
1566
+
}
1567
+
1551
1568
/**
1552
1569
* audit_syscall_exit - deallocate audit context after a system call
1553
1570
* @tsk: task being audited