authorKees Cook <keescook@chromium.org>2019-10-02 16:41:58 -0700
committerPaul Moore <paul@paul-moore.com>2019-10-03 13:59:29 -0400
commit245d73698ed7abdc7e520dfa38048bb80ce89571 (patch)
treefb75f332d9a6efdb29749b6c66b28bafa86f33b2 /kernel/audit.c
parent54ecb8f7028c5eb3d740bb82b0f1d90f2df63c5c (diff)
audit: Report suspicious O_CREAT usage
This renames the very specific audit_log_link_denied() to audit_log_path_denied() and adds the AUDIT_* type as an argument. This allows for the creation of the new AUDIT_ANOM_CREAT that can be used to report the fifo/regular file creation restrictions that were introduced in commit 30aba6656f61 ("namei: allow restricted O_CREAT of FIFOs and regular files"). Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/audit.c')
1 files changed, 6 insertions, 5 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index da8dc0db5bd3..d75485aa25ff 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -2155,18 +2155,19 @@ void audit_log_task_info(struct audit_buffer *ab)
- * audit_log_link_denied - report a link restriction denial
- * @operation: specific link operation
+ * audit_log_path_denied - report a path restriction denial
+ * @type: audit message type (AUDIT_ANOM_LINK, AUDIT_ANOM_CREAT, etc)
+ * @operation: specific operation name
-void audit_log_link_denied(const char *operation)
+void audit_log_path_denied(int type, const char *operation)
struct audit_buffer *ab;
if (!audit_enabled || audit_dummy_context())
- /* Generate AUDIT_ANOM_LINK with subject, operation, outcome. */
- ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_ANOM_LINK);
+ /* Generate log with subject, operation, outcome. */
+ ab = audit_log_start(audit_context(), GFP_KERNEL, type);
if (!ab)
audit_log_format(ab, "op=%s", operation);
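Review bot: The `@operation` kernel-doc line should say that the string is emitted verbatim, since `audit_log_format(ab, "op=%s", operation)` at the end of the hunk applies no escaping. With the helper generalised beyond link denials, a later caller that passed anything other than a fixed literal could put spaces or extra `key=value` text into the record and confuse log parsers. I would word it as ` * @operation: specific operation name; must be a constant string, logged unescaped`, and point to `audit_log_untrustedstring()` for any value that is not a literal. The callers are not visible here, so this is a documentation request rather than a reported defect; the function body continues past the hunk.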

