[PATCH][SELINUX] 7/7 Add dname to audit output when a path cannotbe generated.

From: James Morris
Date: Fri Jan 09 2004 - 10:49:40 EST

Next message: James Morris: "[PATCH][SELINUX] 4/7 Add node_bind control"
Previous message: James Morris: "[PATCH][SELINUX] 5/7 socket_has_perm cleanup"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This patch against 2.6.1-mm1 adds dname to audit output when a path cannot
be generated. This makes analysis of SELinux audit logs easier.

Patch by Stephen Smalley <sds@xxxxxxxxxxxxxx>.

Please apply.

avc.c | 13 +++++++++++--
1 files changed, 11 insertions(+), 2 deletions(-)

diff -urN -X dontdiff linux-2.6.1-rc2.pending/security/selinux/avc.c linux-2.6.1-rc2.w1/security/selinux/avc.c
--- linux-2.6.1-rc2.pending/security/selinux/avc.c 2004-01-07 11:50:22.567223632 -0500
+++ linux-2.6.1-rc2.w1/security/selinux/avc.c 2004-01-07 12:00:02.522057096 -0500
@@ -575,17 +575,26 @@
break;
case AVC_AUDIT_DATA_FS:
if (a->u.fs.dentry) {
+ struct dentry *dentry = a->u.fs.dentry;
if (a->u.fs.mnt) {
- p = d_path(a->u.fs.dentry,
+ p = d_path(dentry,
a->u.fs.mnt,
avc_audit_buffer,
PAGE_SIZE);
if (p)
printk(" path=%s", p);
+ } else {
+ printk(" name=%s", dentry->d_name.name);
}
- inode = a->u.fs.dentry->d_inode;
+ inode = dentry->d_inode;
} else if (a->u.fs.inode) {
+ struct dentry *dentry;
inode = a->u.fs.inode;
+ dentry = d_find_alias(inode);
+ if (dentry) {
+ printk(" name=%s", dentry->d_name.name);
+ dput(dentry);
+ }
}
if (inode)
printk(" dev=%s ino=%ld",

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: James Morris: "[PATCH][SELINUX] 4/7 Add node_bind control"
Previous message: James Morris: "[PATCH][SELINUX] 5/7 socket_has_perm cleanup"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]