git.openwrt.org Git - openwrt/staging/blogic.git/commit

author	Kees Cook <[email protected]>
	Fri, 11 Jan 2013 22:32:05 +0000 (14:32 -0800)
committer	Linus Torvalds <[email protected]>
	Fri, 11 Jan 2013 22:54:55 +0000 (14:54 -0800)
commit	7b9205bd775afc4439ed86d617f9042ee9e76a71
tree	cfb91447f15301d7daccc73bda12a63fde6a229d	tree \| snapshot
parent	56ca9d98772c68368c929ab41d42108319a38da2	commit \| diff

audit: create explicit AUDIT_SECCOMP event type

The seccomp path was using AUDIT_ANOM_ABEND from when seccomp mode 1
could only kill a process. While we still want to make sure an audit
record is forced on a kill, this should use a separate record type since
seccomp mode 2 introduces other behaviors.

In the case of "handled" behaviors (process wasn't killed), only emit a
record if the process is under inspection. This change also fixes
userspace examination of seccomp audit events, since it was considered
malformed due to missing fields of the AUDIT_ANOM_ABEND event type.

Signed-off-by: Kees Cook <[email protected]>
Cc: Al Viro <[email protected]>
Cc: Eric Paris <[email protected]>
Cc: Jeff Layton <[email protected]>
Cc: "Eric W. Biederman" <[email protected]>
Cc: Julien Tinnes <[email protected]>
Acked-by: Will Drewry <[email protected]>
Acked-by: Steve Grubb <[email protected]>
Cc: Andrea Arcangeli <[email protected]>
Cc: <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>

include/linux/audit.h		diff \| blob \| history
include/uapi/linux/audit.h		diff \| blob \| history
kernel/auditsc.c		diff \| blob \| history