audit: Use struct net not pid_t to remember the network namespce to reply in In struct audit_netlink_list and audit_reply add a reference to the network namespace of the caller and remove the userspace pid of the caller. This cleanly remembers the callers network namespace, and removes a huge class of races and nasty failure modes that can occur when attempting to relook up the callers network namespace from a pid_t (including the caller's network namespace changing, pid wraparound, and the pid simply not being present). Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

commit: 48095d991d85687569ac025b18a6c7ae1632c9f7 [log] [tgz]
author: Eric W. Biederman <ebiederm@xmission.com> Mon Feb 03 17:25:33 2014 -0800
committer: Eric W. Biederman <ebiederm@xmission.com> Fri Feb 28 04:04:33 2014 -0800
tree: f26908756c405000b301410ab2294ad7d69ca300
parent: 38dbfb59d1175ef458d006556061adeaa8751b72 [diff] [blame]
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 14a78cc..a5e3d73d 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c

@@ -29,6 +29,7 @@
 #include <linux/sched.h>
 #include <linux/slab.h>
 #include <linux/security.h>
+#include <net/net_namespace.h>
 #include "audit.h"
 
 /*
@@ -1083,8 +1084,8 @@
 	dest = kmalloc(sizeof(struct audit_netlink_list), GFP_KERNEL);
 	if (!dest)
 		return -ENOMEM;
+	dest->net = get_net(current->nsproxy->net_ns);
 	dest->portid = portid;
-	dest->pid = task_pid_vnr(current);
 	skb_queue_head_init(&dest->q);
 
 	mutex_lock(&audit_filter_mutex);
commit	48095d991d85687569ac025b18a6c7ae1632c9f7	[log] [tgz]
author	Eric W. Biederman <ebiederm@xmission.com>	Mon Feb 03 17:25:33 2014 -0800
committer	Eric W. Biederman <ebiederm@xmission.com>	Fri Feb 28 04:04:33 2014 -0800
tree	f26908756c405000b301410ab2294ad7d69ca300
parent	38dbfb59d1175ef458d006556061adeaa8751b72 [diff] [blame]