Received: by 10.213.65.16 with SMTP id m16csp194237imf; Sun, 11 Mar 2018 23:38:36 -0700 (PDT) X-Google-Smtp-Source: AG47ELsPRbE+NFMFDLLSn8Up6u9/fU7/73ADf5TFsXGA0EwUYnilBHm81Yzz9+9je3jxHnC/OOj/ X-Received: by 10.98.15.137 with SMTP id 9mr6948928pfp.216.1520836716436; Sun, 11 Mar 2018 23:38:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1520836716; cv=none; d=google.com; s=arc-20160816; b=ksFYIHuH/CFMTuci+Uc9NyerFZ4XYEOm52LhJv/vrpPVw3A5xFS2kENqvgyBMbwzH5 VkChB2L9g3wJlHmeKG6jbiTXllwU2X9XbTihemJANSJ/uhdroCTL2i1hfvimHfY0A7NQ ZdwJIxcXjzF+gr807axdTrrqdhFwwLlkU94qkcSVqBpPcnZrQ2uw86rPN/EvAZd5ilur IDbcbzBzPMxq2qBEGwA4Rk2cWZkfYqYu3hfKwNQB25etqpicpsk9z3hSbD1Z63ikiQSm oPzWHjWL5nK/3eY3j4LztIOL0Y0D6K5cnmTEx9K8AF0RqtWy4UeUG2RqcZwkXpZzhTgE ZLHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=1LLn3aM7VBqLYrhQg/1HelGiM36/smmKu0/R+KefiYU=; b=zzV59RQqHJMw+v/KRHliSyn6duUCF5aPrhgGVxTrR2kwjlze9uKddb3+j/2hUyemK8 LZPl4cEum2EBMDPbkSZbI/DI4CtHOwCf6MD+ZaOe4n4JmR7ju4knsohICynBP4ZjO70G DxiHSx05abfVAZ0PcQHH13UlufgJZDM5ykx0E5Pvx3xCmSoUvqnL1Eb5v6Nk34rlsgDu GIk21eQTR+FyESN/XO4VBC1c8ce5lK1BEyZC0r+1XZ50+k7AYzEa7lTlLXr5NkdMq79A YRLRlo27m40ElhIrN1xeHywp3SunMgBcGbhZEUopKMOr4TTwPXRmp3xO6auc0xn7N60h yngg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b34-v6si5530561plc.439.2018.03.11.23.38.08; Sun, 11 Mar 2018 23:38:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751999AbeCLGgf (ORCPT + 99 others); Mon, 12 Mar 2018 02:36:35 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:60152 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751976AbeCLGgd (ORCPT ); Mon, 12 Mar 2018 02:36:33 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 83F5B76FBA; Mon, 12 Mar 2018 06:36:32 +0000 (UTC) Received: from madcap2.tricolour.ca (ovpn-112-12.rdu2.redhat.com [10.10.112.12]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0962D1C71B; Mon, 12 Mar 2018 06:36:30 +0000 (UTC) From: Richard Guy Briggs To: Linux-Audit Mailing List , LKML Cc: Eric Paris , Paul Moore , Steve Grubb , Kees Cook , Richard Guy Briggs Subject: [PATCH ghak21 V2 3/4] audit: add refused symlink to audit_names Date: Mon, 12 Mar 2018 02:31:19 -0400 Message-Id: In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Mon, 12 Mar 2018 06:36:32 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Mon, 12 Mar 2018 06:36:32 +0000 (UTC) for IP:'10.11.54.5' DOMAIN:'int-mx05.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'rgb@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Audit link denied events for symlinks had duplicate PATH records rather than just updating the existing PATH record. Update the symlink's PATH record with the current dentry and inode information. See: https://github.com/linux-audit/audit-kernel/issues/21 Signed-off-by: Richard Guy Briggs --- fs/namei.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/namei.c b/fs/namei.c index 50d2533..00f5041 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -945,6 +945,7 @@ static inline int may_follow_link(struct nameidata *nd) if (nd->flags & LOOKUP_RCU) return -ECHILD; + audit_inode(nd->name, nd->stack[0].link.dentry, 0); audit_log_link_denied("follow_link", &nd->stack[0].link); return -EACCES; } -- 1.8.3.1