Re: [RFC][PATCH] audit: get inode pathname patch

Wed, 06 Aug 2008 11:27:03 -0700 

Quoting Mimi Zohar ([EMAIL PROTECTED]):
> We are interested in using auditing's context pathname information.  
> Is this the best way of accessing it?
> 
> Add support for accessing auditing's inode full pathname.

Interesting idea.  It does seem to do what you need.

-serge

> Signed-off-by: Mimi Zohar <[EMAIL PROTECTED]>
> 
> Index: security-testing-2.6/include/linux/audit.h
> ===================================================================
> --- security-testing-2.6.orig/include/linux/audit.h
> +++ security-testing-2.6/include/linux/audit.h
> @@ -403,6 +403,8 @@ extern void audit_syscall_entry(int arch
>                               unsigned long a2, unsigned long a3);
>  extern void audit_syscall_exit(int failed, long return_code);
>  extern void __audit_getname(const char *name);
> +extern const char *audit_get_inode_pathname(struct task_struct *tsk,
> +                                         struct inode *inode);
>  extern void audit_putname(const char *name);
>  extern void __audit_inode(const char *name, const struct dentry *dentry);
>  extern void __audit_inode_child(const char *dname, const struct dentry 
> *dentry,
> Index: security-testing-2.6/kernel/auditsc.c
> ===================================================================
> --- security-testing-2.6.orig/kernel/auditsc.c
> +++ security-testing-2.6/kernel/auditsc.c
> @@ -1677,6 +1677,28 @@ retry:
>  #endif
>  }
> 
> +const char *audit_get_inode_pathname(struct task_struct *tsk,
> +                                  struct inode *inode)
> +{
> +     struct audit_context *context;
> +     int idx;
> +
> +     context = tsk->audit_context;
> +     if (!context)
> +             return NULL;
> +     for (idx = 0; idx < context->name_count; idx++) {
> +             struct audit_names *n = &context->names[idx];
> +
> +             if (!n->name)
> +                     continue;
> +
> +             if (n->ino == inode->i_ino)
> +                     return n->name;
> +     }
> +     return NULL;
> +}
> +EXPORT_SYMBOL_GPL(audit_get_inode_pathname);
> +
>  /**
>   * audit_getname - add a name to the list
>   * @name: name to add
> 
> 
> --
> Linux-audit mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/linux-audit

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit

Reply via email to