Date: Thu, 28 Apr 2016 16:07:36 -0400
Subject: Re: [PATCH V4] audit: add tty field to LOGIN event
From: Paul Moore
To: Richard Guy Briggs, Peter Hurley
Cc: linux-audit@redhat.com, linux-kernel@vger.kernel.org
In-Reply-To: <20160428013140.GD18994@madcap2.tricolour.ca>
References: <571A5C54.7050704@hurleysoftware.com> <20160428013140.GD18994@madcap2.tricolour.ca>

On Wed, Apr 27, 2016 at 9:31 PM, Richard Guy Briggs wrote:
> On 16/04/22, Peter Hurley wrote:
>> 2. The existing usage is always tsk==current
>
> My understanding is that when it is called via:
>
>   copy_process()
>   audit_free()
>   __audit_free()
>   audit_log_exit()
>   audit_log_task_info()
>
> then tsk != current. This appears to be the only case which appears to
> force lugging around tsk. This is noted in that commit referenced
> above.

In the case where copy_process() ends up calling __audit_free(), the
call to audit_log_exit() is conditional on the audit context
in_syscall field being true and unless I missed something, the copied
process' audit context should not have in_syscall set to true.

--
paul moore
www.paul-moore.com