fs: add link restriction audit reporting
Adds audit messages for unexpected link restriction violations so that
system owners will have some sort of potentially actionable information
about misbehaving processes.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
diff --git a/fs/namei.c b/fs/namei.c
index 3861d85..618d353 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -692,6 +692,7 @@
path_put_conditional(link, nd);
path_put(&nd->path);
+ audit_log_link_denied("follow_link", link);
return -EACCES;
}
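Review bot: The added `audit_log_link_denied("follow_link", link);` runs after `path_put_conditional(link, nd);` and `path_put(&nd->path);`, so the helper receives `link` when its references may already have been dropped. If the helper dereferences the path's dentry or mount to build the record (its body is not in this hunk), that is a use-after-release on the denial path, which is exactly the path a misbehaving process exercises. Emit the record while the references are still held by moving the call above the two puts: `audit_log_link_denied("follow_link", link);` then `path_put_conditional(link, nd);` and `path_put(&nd->path);`. The enclosing function starts outside the hunk.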
@@ -760,6 +761,7 @@
capable(CAP_FOWNER))
return 0;
+ audit_log_link_denied("linkat", link);
return -EPERM;
}
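Review bot: The operation labels are inconsistent: this hunk passes the syscall name `"linkat"`, while the first hunk passes the kernel-internal name `"follow_link"`. If these strings appear verbatim in the audit record (the helper is not shown here), detection rules and log parsers will match on them, so they become a de facto interface. A comment above the call such as `/* operation label is emitted in the audit record; keep it stable for log consumers */` would make that explicit. It is also worth confirming that the helper is covered by audit rate limiting, since every denied attempt now produces a record. The enclosing function starts outside the hunk.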