[PATCH] audit: consistently record PIDs with task_tgid_nr()
Paul Moore
pmoore at redhat.com
Tue Aug 30 21:15:51 UTC 2016
On Tue, Aug 30, 2016 at 5:13 PM, Paul Moore <pmoore at redhat.com> wrote:
> From: Paul Moore <paul at paul-moore.com>
>
> Unfortunately we record PIDs in audit records using a variety of
> methods despite the correct way being the use of task_tgid_nr().
> This patch converts all of these callers, except for the case of
> AUDIT_SET in audit_receive_msg() (see the comment in the code).
>
> Reported-by: Jeff Vander Stoep <jeffv at google.com>
> Signed-off-by: Paul Moore <paul at paul-moore.com>
> ---
> kernel/audit.c | 8 +++++++-
> kernel/auditsc.c | 12 ++++++------
> security/lsm_audit.c | 4 ++--
> 3 files changed, 15 insertions(+), 9 deletions(-)
I forgot to tag this with "RFC". This patch compiles but I haven't
had a chance to test it yet so it isn't going into audit#next just
yet; if you have any concerns, now is the time to voice them.
--
paul moore
security @ redhat
More information about the Linux-audit
mailing list