Received: by 10.223.185.116 with SMTP id b49csp885553wrg;
        Wed, 14 Feb 2018 08:25:02 -0800 (PST)
X-Google-Smtp-Source: AH8x224bi0svlHo1DWlH+zoh2fdp2NGiSrPOgTH2oaFyL1Tq8eK3VdaxqdI1DSRpwDIkMMQqmb3W
X-Received: by 2002:a17:902:6116:: with SMTP id t22-v6mr4971589plj.307.1518625502220;
        Wed, 14 Feb 2018 08:25:02 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1518625502; cv=none;
        d=google.com; s=arc-20160816;
        b=kmxXAcraQHGCe60QogLiemjRVbXo/CZegx6hSGaumHwJpFIrSfDePn9yQ0KPz/Puau
         R/Dg9UpwZ4p8GrmlMcUHmyzALY+0N4Y7VX5oiRE0qgyyCVILc3PZLLghTaAgToQHUEOx
         ukfzR1WwtIElq1QUQqdt3ykr3pv8DLO5HqAB+YT71zD/IADd43kvne67u2cLYsruCAGk
         u0YVV5hYIDDa8dCp4p3SaJey/b4XS8vhQDA7IjeO4WEXrzkKH8ERvlaUI4rqxtuxymJX
         BAxR7vQSXHF/2y2noGhDOqyLVHzsgJKPri90YVcje13/gwjpYRuEl84OB0obC3Mi9zNT
         F7SQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:references:in-reply-to:references
         :in-reply-to:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=7Qwy1mibc2Td40IsrnzpiCL1i9qepk6c34KDbJ2rJLQ=;
        b=kZJr4wm8VIlT0x8C1KWYoRj42/a2rOxe/73ZoN+pIGs9j07NG7fOX1VOtH1E9rMmYg
         nOQTkAaf5Q1XBCJhTpeCrWq0N2A62EVpCcqnqqEwp1HF6yh4BhVtqh2gL6lk6tzCMfN7
         g+N5Q1Gtxe/m+VnM/1m7+CIQnU0UVk8fdmrP+SkMgPf39Fn4J+Y6TpXe22UhKNHNEI3e
         /J5/r94hzxvuwqSmLHvqmNa/lDVJ3/AAIL3j/X/SAVI8i2CDeVrT6Zx1X+ExL6lx6IWE
         Z/leOJw3MPmjmGNpliHeBpW1KHqzCDBlP90LSFTa/S638yRRm7sp16roWBiRlMJ1mRu4
         d6oQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id f7si2971084pgn.183.2018.02.14.08.24.45;
        Wed, 14 Feb 2018 08:25:02 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1032500AbeBNQXW (ORCPT <rfc822;rmelvin.vger@gmail.com>
        + 99 others); Wed, 14 Feb 2018 11:23:22 -0500
Received: from mx3-rdu2.redhat.com ([66.187.233.73]:40212 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1032416AbeBNQW5 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 14 Feb 2018 11:22:57 -0500
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mx1.redhat.com (Postfix) with ESMTPS id 0369640201A0;
        Wed, 14 Feb 2018 16:22:57 +0000 (UTC)
Received: from madcap2.tricolour.ca (ovpn-112-12.rdu2.redhat.com [10.10.112.12])
        by smtp.corp.redhat.com (Postfix) with ESMTP id 76AD01010409;
        Wed, 14 Feb 2018 16:22:55 +0000 (UTC)
From:   Richard Guy Briggs <rgb@redhat.com>
To:     Linux-Audit Mailing List <linux-audit@redhat.com>,
        LKML <linux-kernel@vger.kernel.org>
Cc:     Eric Paris <eparis@redhat.com>, Paul Moore <paul@paul-moore.com>,
        Steve Grubb <sgrubb@redhat.com>,
        Kees Cook <keescook@chromium.org>,
        Richard Guy Briggs <rgb@redhat.com>
Subject: [RFC PATCH ghak21 3/4] audit: add refused symlink to audit_names
Date:   Wed, 14 Feb 2018 11:18:23 -0500
Message-Id: <a1450ecfc2dd21c347a8a0037a9545a012bf4349.1518603831.git.rgb@redhat.com>
In-Reply-To: <cover.1518603831.git.rgb@redhat.com>
References: <cover.1518603831.git.rgb@redhat.com>
In-Reply-To: <cover.1518603831.git.rgb@redhat.com>
References: <cover.1518603831.git.rgb@redhat.com>
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Wed, 14 Feb 2018 16:22:57 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Wed, 14 Feb 2018 16:22:57 +0000 (UTC) for IP:'10.11.54.3' DOMAIN:'int-mx03.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'rgb@redhat.com' RCPT:''
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Audit link denied events for symlinks had duplicate PATH records rather
than just updating the existing PATH record.  Update the symlink's PATH
record with the current dentry and inode information.

See: https://github.com/linux-audit/audit-kernel/issues/21
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
---
 fs/namei.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/namei.c b/fs/namei.c
index 9cc91fb..0edf133 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -945,6 +945,7 @@ static inline int may_follow_link(struct nameidata *nd)
 	if (nd->flags & LOOKUP_RCU)
 		return -ECHILD;
 
+	audit_inode(nd->name, nd->stack[0].link.dentry, 0);
 	audit_log_link_denied("follow_link", &nd->stack[0].link);
 	return -EACCES;
 }
-- 
1.8.3.1