From: Richard Guy Briggs
To: Linux-Audit Mailing List, LKML
Cc: Eric Paris, Paul Moore, Steve Grubb, Kees Cook, Richard Guy Briggs
Subject: [RFC PATCH ghak21 3/4] audit: add refused symlink to audit_names
Date: Wed, 14 Feb 2018 11:18:23 -0500

Audit link denied events for symlinks had duplicate PATH records rather than just updating the existing PATH record. Update the symlink's PATH record with the current dentry and inode information.

See: https://github.com/linux-audit/audit-kernel/issues/21

Signed-off-by: Richard Guy Briggs

--- fs/namei.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/namei.c b/fs/namei.c index 9cc91fb..0edf133 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -945,6 +945,7 @@ static inline int may_follow_link(struct nameidata *nd) if (nd->flags & LOOKUP_RCU) return -ECHILD; + audit_inode(nd->name, nd->stack[0].link.dentry, 0); audit_log_link_denied("follow_link", &nd->stack[0].link); return -EACCES; } -- 1.8.3.1
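Review bot: the added audit_inode() call in may_follow_link() passes a bare 0 as its third argument and carries no comment, so the call site does not show what that flag selects or why the inode is recorded on the -EACCES path. A one-line comment above `audit_inode(nd->name, nd->stack[0].link.dentry, 0);` stating that it updates the symlink's existing PATH record would make the intent clear to the next reader of fs/namei.c. Separately, the commit message says the duplicate PATH record goes away, but this patch is a single insertion and `audit_log_link_denied("follow_link", &nd->stack[0].link);` is unchanged context, so the message should say where in the series the duplicate is actually dropped.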