Audit: send signal info if selinux is disabled
Audit will not respond to signal requests if selinux is disabled since it is unable to translate the 0 sid from the sending process to a context. This patch just doesn't send the context info if there isn't any. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
parent
44e51a1b78
commit
939cbf260c
1 changed files with 12 additions and 6 deletions
|
@ -855,18 +855,24 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
|
|||
break;
|
||||
}
|
||||
case AUDIT_SIGNAL_INFO:
|
||||
err = security_secid_to_secctx(audit_sig_sid, &ctx, &len);
|
||||
if (err)
|
||||
return err;
|
||||
len = 0;
|
||||
if (audit_sig_sid) {
|
||||
err = security_secid_to_secctx(audit_sig_sid, &ctx, &len);
|
||||
if (err)
|
||||
return err;
|
||||
}
|
||||
sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL);
|
||||
if (!sig_data) {
|
||||
security_release_secctx(ctx, len);
|
||||
if (audit_sig_sid)
|
||||
security_release_secctx(ctx, len);
|
||||
return -ENOMEM;
|
||||
}
|
||||
sig_data->uid = audit_sig_uid;
|
||||
sig_data->pid = audit_sig_pid;
|
||||
memcpy(sig_data->ctx, ctx, len);
|
||||
security_release_secctx(ctx, len);
|
||||
if (audit_sig_sid) {
|
||||
memcpy(sig_data->ctx, ctx, len);
|
||||
security_release_secctx(ctx, len);
|
||||
}
|
||||
audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_SIGNAL_INFO,
|
||||
0, 0, sig_data, sizeof(*sig_data) + len);
|
||||
kfree(sig_data);
|
||||
|
|
Loading…
Reference in a new issue