Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'audit-pr-20240911' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit

Pull audit updates from Paul Moore:

- Fix some remaining problems with PID/TGID reporting

When most users think about PIDs, what they are really thinking about
is the TGID. This commit shifts the audit PID logging and filtering
to use the TGID value which should provide a more meaningful audit
stream and filtering experience for users.

- Migrate to the str_enabled_disabled() helper

Evidently we have helper functions that help ensure if we mistype
"enabled" or "disabled" it is now caught at compile time. I guess
we're fancy now.

* tag 'audit-pr-20240911' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
audit: Make use of str_enabled_disabled() helper
audit: use task_tgid_nr() instead of task_pid_nr()

+4 -4
+2 -2
kernel/audit.c
··· 1612 1612 cred = current_cred(); 1613 1613 tty = audit_get_tty(); 1614 1614 audit_log_format(ab, "pid=%u uid=%u auid=%u tty=%s ses=%u", 1615 - task_pid_nr(current), 1615 + task_tgid_nr(current), 1616 1616 from_kuid(&init_user_ns, cred->uid), 1617 1617 from_kuid(&init_user_ns, audit_get_loginuid(current)), 1618 1618 tty ? tty_name(tty) : "(none)", ··· 1706 1706 audit_cmd_mutex.owner = NULL; 1707 1707 1708 1708 pr_info("initializing netlink subsys (%s)\n", 1709 - audit_default ? "enabled" : "disabled"); 1709 + str_enabled_disabled(audit_default)); 1710 1710 register_pernet_subsys(&audit_net_ops); 1711 1711 1712 1712 audit_initialized = AUDIT_INITIALIZED;
+1 -1
kernel/auditfilter.c
··· 1344 1344 1345 1345 switch (f->type) { 1346 1346 case AUDIT_PID: 1347 - pid = task_pid_nr(current); 1347 + pid = task_tgid_nr(current); 1348 1348 result = audit_comparator(pid, f->op, f->val); 1349 1349 break; 1350 1350 case AUDIT_UID:
+1 -1
kernel/auditsc.c
··· 2933 2933 audit_log_format(ab, "table=%s family=%u entries=%u op=%s", 2934 2934 name, af, nentries, audit_nfcfgs[op].s); 2935 2935 2936 - audit_log_format(ab, " pid=%u", task_pid_nr(current)); 2936 + audit_log_format(ab, " pid=%u", task_tgid_nr(current)); 2937 2937 audit_log_task_context(ab); /* subj= */ 2938 2938 audit_log_format(ab, " comm="); 2939 2939 audit_log_untrustedstring(ab, get_task_comm(comm, current));
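Review bot: In the kernel/audit.c hunk at line 1615 the record keeps the label pid= while the value now comes from task_tgid_nr(current), so for a non-leader thread the logged number is no longer that thread's own id. A one-line comment above the audit_log_format() call stating that pid= carries the TGID would stop a later reader from changing it back; the same comment would help at the " pid=%u" line in kernel/auditsc.c (2936).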
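Review bot: In the kernel/audit.c hunk at line 1709, str_enabled_disabled() is declared in linux/string_choices.h, and the +2 -2 count for this file is fully accounted for by the two replaced lines, so no #include was added here. Please confirm kernel/audit.c already pulls that header in, or add the include explicitly rather than depending on an indirect one.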
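Review bot: In the kernel/auditfilter.c hunk at line 1347 the AUDIT_PID case now passes task_tgid_nr(current) to audit_comparator(), so a rule whose f->val is the id of a non-leader thread no longer matches that thread. The local variable is still named pid; a short comment on the case, plus a mention of the changed match semantics wherever the AUDIT_PID rule field is documented, would make the new behaviour explicit for people maintaining existing rule sets.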