audit: Added exe field to audit core dump signal log
authorPaul Davies C <pauldaviesc@gmail.com>
Thu, 21 Nov 2013 02:44:03 +0000 (08:14 +0530)
committerEric Paris <eparis@redhat.com>
Tue, 14 Jan 2014 03:31:38 +0000 (22:31 -0500)
Currently when the coredump signals are logged by the audit system, the
actual path to the executable is not logged. Without details of exe, the
system admin may not have an exact idea on what program failed.

This patch changes the audit_log_task() so that the path to the exe is also
logged.

This was copied from audit_log_task_info() and the latter enhanced to avoid
disappearing text fields.

Signed-off-by: Paul Davies C <pauldaviesc@gmail.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
kernel/audit.c
kernel/auditsc.c

index f207289d686b67714f4ead714f6908566f1fb212..25e4ed0167936dc043131f34c60e0b4e4b6a24bd 100644 (file)
@@ -1859,7 +1859,8 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
                if (mm->exe_file)
                        audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
                up_read(&mm->mmap_sem);
-       }
+       } else
+               audit_log_format(ab, " exe=(null)");
        audit_log_task_context(ab);
 }
 EXPORT_SYMBOL(audit_log_task_info);
index fc3b3dbcc8aa7582945770f7e7f5d2b83ef4bcc0..05634b3ba2443086536cdafe3aa29a065ea79162 100644 (file)
@@ -2353,6 +2353,7 @@ static void audit_log_task(struct audit_buffer *ab)
        kuid_t auid, uid;
        kgid_t gid;
        unsigned int sessionid;
+       struct mm_struct *mm = current->mm;
 
        auid = audit_get_loginuid(current);
        sessionid = audit_get_sessionid(current);
@@ -2366,6 +2367,13 @@ static void audit_log_task(struct audit_buffer *ab)
        audit_log_task_context(ab);
        audit_log_format(ab, " pid=%d comm=", current->pid);
        audit_log_untrustedstring(ab, current->comm);
+       if (mm) {
+               down_read(&mm->mmap_sem);
+               if (mm->exe_file)
+                       audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
+               up_read(&mm->mmap_sem);
+       } else
+               audit_log_format(ab, " exe=(null)");
 }
 
 /**