We are interested in using auditing's context pathname information. Is this the best way of accessing it?
Add support for accessing auditing's inode full pathname. Signed-off-by: Mimi Zohar <[EMAIL PROTECTED]> Index: security-testing-2.6/include/linux/audit.h =================================================================== --- security-testing-2.6.orig/include/linux/audit.h +++ security-testing-2.6/include/linux/audit.h @@ -403,6 +403,8 @@ extern void audit_syscall_entry(int arch unsigned long a2, unsigned long a3); extern void audit_syscall_exit(int failed, long return_code); extern void __audit_getname(const char *name); +extern const char *audit_get_inode_pathname(struct task_struct *tsk, + struct inode *inode); extern void audit_putname(const char *name); extern void __audit_inode(const char *name, const struct dentry *dentry); extern void __audit_inode_child(const char *dname, const struct dentry *dentry, Index: security-testing-2.6/kernel/auditsc.c =================================================================== --- security-testing-2.6.orig/kernel/auditsc.c +++ security-testing-2.6/kernel/auditsc.c @@ -1677,6 +1677,28 @@ retry: #endif } +const char *audit_get_inode_pathname(struct task_struct *tsk, + struct inode *inode) +{ + struct audit_context *context; + int idx; + + context = tsk->audit_context; + if (!context) + return NULL; + for (idx = 0; idx < context->name_count; idx++) { + struct audit_names *n = &context->names[idx]; + + if (!n->name) + continue; + + if (n->ino == inode->i_ino) + return n->name; + } + return NULL; +} +EXPORT_SYMBOL_GPL(audit_get_inode_pathname); + /** * audit_getname - add a name to the list * @name: name to add -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit