[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

patch suggested by rgb for fixing auditd logs for clone syscall shows exit code as container namespace pid of child process instead of host namespace



Hi Guys,

Please refer to the issue details at github :
https://github.com/linux-audit/audit-kernel/issues/68

Here is a patch as suggested by rgb, i can confirm that it works.


diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index ecc23e2..9a78ecb 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1557,6 +1557,11 @@ void __audit_syscall_exit(int success, long return_code)
 {
        struct task_struct *tsk = current;
        struct audit_context *context;
+
+        rcu_read_lock();
+        return_code = pid_nr(find_vpid((int) return_code));
+        rcu_read_unlock();
+

        if (success)
                success = AUDITSC_SUCCESS;


Kindly review.

Regards,
Madzcar


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]