
Kernel v2.6.25-rc7 /security/selinux/avc.c

Filename:/security/selinux/avc.c
Lines Added:22
Lines Deleted:8


Patch

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 81b3dff..187964e 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -568,10 +568,11 @@ void avc_audit(u32 ssid, u32 tsid,
          audit_log_format(ab, " capability=%d", a->u.cap);
          break;
       case AVC_AUDIT_DATA_FS:
-         if (a->u.fs.dentry) {
-            struct dentry *dentry = a->u.fs.dentry;
-            if (a->u.fs.mnt) {
-               audit_log_d_path(ab, "path=", dentry, a->u.fs.mnt);
+         if (a->u.fs.path.dentry) {
+            struct dentry *dentry = a->u.fs.path.dentry;
+            if (a->u.fs.path.mnt) {
+               audit_log_d_path(ab, "path=",
+                      &a->u.fs.path);
             } else {
                audit_log_format(ab, " name=");
                audit_log_untrustedstring(ab, dentry->d_name.name);
@@ -626,8 +627,12 @@ void avc_audit(u32 ssid, u32 tsid,
             case AF_UNIX:
                u = unix_sk(sk);
                if (u->dentry) {
+                  struct path path = {
+                     .dentry = u->dentry,
+                     .mnt = u->mnt
+                  };
                   audit_log_d_path(ab, "path=",
-                         u->dentry, u->mnt);
+                         &path);
                   break;
                }
                if (!u->addr)
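Review bot: The AF_UNIX branch builds its on-stack `struct path` after testing only `u->dentry`, whereas the AVC_AUDIT_DATA_FS branch in the first hunk also tests `.mnt` before calling audit_log_d_path(). If the two fields are always set together on a bound socket, which is not visible here, say so in a comment; otherwise guard with `if (u->dentry && u->mnt) {`. The temporary also copies both pointers without taking references of its own, so a comment such as `/* borrowed pointers, no path_get(): only valid while sk keeps u->dentry/u->mnt alive */` would record the lifetime assumption. avc_audit() begins and ends outside this hunk, so any locking around `sk` cannot be checked from here.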
@@ -661,9 +666,18 @@ void avc_audit(u32 ssid, u32 tsid,
                       "daddr", "dest");
             break;
          }
-         if (a->u.net.netif)
-            audit_log_format(ab, " netif=%s",
-               a->u.net.netif);
+         if (a->u.net.netif > 0) {
+            struct net_device *dev;
+
+            /* NOTE: we always use init's namespace */
+            dev = dev_get_by_index(&init_net,
+                         a->u.net.netif);
+            if (dev) {
+               audit_log_format(ab, " netif=%s",
+                      dev->name);
+               dev_put(dev);
+            }
+         }
          break;
       }
    }
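Review bot: When dev_get_by_index() returns NULL in the netif block, the audit record is emitted with no interface information at all, so a denial involving a removed device loses that field silently. Because the lookup is hard-wired to `&init_net`, an index from another namespace may either miss or, presumably, resolve to an unrelated device's name; the existing NOTE comment should spell out that consequence for anyone reading the logs. A fallback such as `else audit_log_format(ab, " netif=%d", a->u.net.netif);` would keep the raw index, though the field name should be whatever the audit tooling expects. Separately, `dev->name` goes through a plain `%s`, while the dentry name earlier in the function uses audit_log_untrustedstring(); if interface names can carry quote characters, the same helper would be the safer choice here. The enclosing function continues outside the hunk.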

