summaryrefslogtreecommitdiff
path: root/kernel/audit.h
diff options
context:
space:
mode:
authorRichard Guy Briggs <rgb@redhat.com>2019-05-10 12:21:49 -0400
committerPaul Moore <paul@paul-moore.com>2019-05-21 22:18:25 -0400
commitb48345aafb203803ccda4488cb5409b1ed435c0a (patch)
tree025ceffb2d6792a15b495c64d9de565c5baf2c9d /kernel/audit.h
parenta188339ca5a396acc588e5851ed7e19f66b0ebd9 (diff)
audit: deliver signal_info regarless of syscall
When a process signals the audit daemon (shutdown, rotate, resume, reconfig) but syscall auditing is not enabled, we still want to know the identity of the process sending the signal to the audit daemon. Move audit_signal_info() out of syscall auditing to general auditing but create a new function audit_signal_info_syscall() to take care of the syscall dependent parts for when syscall auditing is enabled. Please see the github kernel audit issue https://github.com/linux-audit/audit-kernel/issues/111 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/audit.h')
-rw-r--r--kernel/audit.h8
1 files changed, 6 insertions, 2 deletions
diff --git a/kernel/audit.h b/kernel/audit.h
index 2071725a999f..996d94faad43 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -299,7 +299,7 @@ extern const char *audit_tree_path(struct audit_tree *tree);
extern void audit_put_tree(struct audit_tree *tree);
extern void audit_kill_trees(struct audit_context *context);
-extern int audit_signal_info(int sig, struct task_struct *t);
+extern int audit_signal_info_syscall(struct task_struct *t);
extern void audit_filter_inodes(struct task_struct *tsk,
struct audit_context *ctx);
extern struct list_head *audit_killed_trees(void);
@@ -330,7 +330,11 @@ extern struct list_head *audit_killed_trees(void);
#define audit_tree_path(rule) "" /* never called */
#define audit_kill_trees(context) BUG()
-#define audit_signal_info(s, t) AUDIT_DISABLED
+static inline int audit_signal_info_syscall(struct task_struct *t)
+{
+ return 0;
+}
+
#define audit_filter_inodes(t, c) AUDIT_DISABLED
#endif /* CONFIG_AUDITSYSCALL */