Received: by 10.223.185.116 with SMTP id b49csp238825wrg; Thu, 8 Mar 2018 16:32:17 -0800 (PST) X-Google-Smtp-Source: AG47ELsc7ZS7hinziSAsMMAM+I0mspSXkKidhYReg4vAoz2Xk3XBqjlyo/PrEbMeTNBZ/GnKiLRU X-Received: by 2002:a17:902:bcc6:: with SMTP id o6-v6mr25817135pls.16.1520555537518; Thu, 08 Mar 2018 16:32:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520555537; cv=none; d=google.com; s=arc-20160816; b=oRDFzUJEfarJJ+oD4oi9eSZjooe/zRukLZ9LxX7yvwywwplRpsS9Ig/Jg9zmUZ8qJr Jigf/hodZ31WfeRgrm+yLQ43kS/QrM6qc05tNfPxPN6nI4BdmXQ+3rQGyr6xw853prLu C/BgBtV5RZ+qWG9koh16pn94gT0pYEjWLb/FDqf/ax7rkKco5HWzubz6BU67mLRa88/o Hx6CynXDLDCrxgDgBFlrRgqMQGpk5j7GcewguRLEZ4pA0yLA8FDyX8cXljA58VSMmp7Y swRT1bM9+i+d92e7cFs8/jcuFSU7k318g3XVAyNuczMxDEwyY5ZkZY30engNHg63mzL1 bylA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=F+Jw+aseeejgGv4KEkfujPpyfolbImrnfb042lhmAqw=; b=vwMLkqxpabo97B6X9LxprWiFpZsXXCmOLfmy1naf/rymc1hNxLs2yfR71ecCSBcQzf wyC8zzP8XGZ3dl8gOJt6bXC9H7Rdi/IySyLid0A7v2Zz7ejMRtocf32ggb0YkPiWsKvF bAwMdchKx44nbeWA95FnKSKNr3cszppAtan0ZB6saiYUpBolyA3MgvuUPrL1VBwJQ+uM PQElMOleQ5UPE+lk2igz5Bmy/L/Nft0fFNLyKvguc4oIHi2kZD52BnYQtcpfSlY1XQvF OMTGzBOvUQxjCBDj45rKgNveMNjXQeYJsFzKoB3YXGrrc679tNwQeKNrO5zvhn9OidwQ 3Leg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=SLWuH0h3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y2si13803497pgs.359.2018.03.08.16.32.02; Thu, 08 Mar 2018 16:32:17 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=SLWuH0h3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751682AbeCIAaT (ORCPT + 99 others); Thu, 8 Mar 2018 19:30:19 -0500 Received: from mail-lf0-f66.google.com ([209.85.215.66]:45856 "EHLO mail-lf0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751237AbeCIAaS (ORCPT ); Thu, 8 Mar 2018 19:30:18 -0500 Received: by mail-lf0-f66.google.com with SMTP id h127-v6so10875802lfg.12 for ; Thu, 08 Mar 2018 16:30:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=F+Jw+aseeejgGv4KEkfujPpyfolbImrnfb042lhmAqw=; b=SLWuH0h3TdLmv1fi1wzvZYwvpsMWXGFejeXSIk2Di7g7yyl4I1bsnM8DuMN0FPJpw2 gzZ9sk8zUJB2U9rhpI0mBi1O4ggh7RuGZUAZowi12QJX7WJlvNZrBfLnEaOD2DJxfjFS VFkWimg/mZR6LrxFWl4MDUDdXWup63xWmHSOrRl7lpqMVJ7x4GpLQUXT+JGalett7Bh2 J3Ox9TMCRFi7s3wz3Vwbe5IHUugjxLLWfWyMMHVr1mwqdfRXaywlz8SHraubxp31hlPY sJuXWZZADFzZCHG7pMrFi40Ga9tc/IvtwRQshtfvn4qlKlQ4+KZFsckNrrQGg63n8Yhl 5fAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=F+Jw+aseeejgGv4KEkfujPpyfolbImrnfb042lhmAqw=; b=sXvlgvZCIYVDjvChkIfDWwLSQ/GPD3ThqedImTsUavodZhRTZT+ayi8dnkrZGxkfaX alzc1IbYw2tDjNcr2sYui2a3WobuJ5Bvg+sEeHJk6sQPtUwK9xZONjM4PkpL5c1yCw5r kEuhTiKNQkAuJm0OfwZcL+/DsDL+RxttfStqiWm+SK7CYQqsg2dWf8eNVQWG9e4XHRTM XTOHsf0ABXbJ5j9VwovB8Pb5I044Aig0yuOXq9V8tTv9mRpz8E69NUz5x+e3UCFQ0q42 0Slf9mwFFi5ECPEIxjIphnC8ufSytyZj1DiOiM7gE6jrBdgeeNO0T8lNHncHorZcFlVn 2MYw== X-Gm-Message-State: AElRT7FC0Gv2Bpcf2eJJZBj3/UU4GuTVPi1VC8irqG3ICTxwRojMx4tU kXkC3hWSjEvoVb7VbufE2c5abyJJhbrb9WWlvv/I X-Received: by 10.25.205.76 with SMTP id d73mr19282471lfg.12.1520555417205; Thu, 08 Mar 2018 16:30:17 -0800 (PST) MIME-Version: 1.0 Received: by 10.25.216.167 with HTTP; Thu, 8 Mar 2018 16:30:16 -0800 (PST) X-Originating-IP: [108.20.156.165] In-Reply-To: References: From: Paul Moore Date: Thu, 8 Mar 2018 19:30:16 -0500 Message-ID: Subject: Re: [RFC PATCH ghak21 3/4] audit: add refused symlink to audit_names To: Richard Guy Briggs Cc: Linux-Audit Mailing List , LKML , Eric Paris , Steve Grubb , Kees Cook Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Feb 14, 2018 at 11:18 AM, Richard Guy Briggs wrote: > Audit link denied events for symlinks had duplicate PATH records rather > than just updating the existing PATH record. Update the symlink's PATH > record with the current dentry and inode information. > > See: https://github.com/linux-audit/audit-kernel/issues/21 > Signed-off-by: Richard Guy Briggs > --- > fs/namei.c | 1 + > 1 file changed, 1 insertion(+) Merged. > diff --git a/fs/namei.c b/fs/namei.c > index 9cc91fb..0edf133 100644 > --- a/fs/namei.c > +++ b/fs/namei.c > @@ -945,6 +945,7 @@ static inline int may_follow_link(struct nameidata *nd) > if (nd->flags & LOOKUP_RCU) > return -ECHILD; > > + audit_inode(nd->name, nd->stack[0].link.dentry, 0); > audit_log_link_denied("follow_link", &nd->stack[0].link); > return -EACCES; > } > -- > 1.8.3.1 > -- paul moore www.paul-moore.com