On Wed, Nov 20, 2013 at 02:03:01PM -0800, William Roberts wrote:
> On Wed, Nov 20, 2013 at 1:47 PM, Richard Guy Briggs <[email protected]> wrote:
> > On Thu, Nov 14, 2013 at 08:56:57AM +0530, Paul Davies C wrote:
> >> Currently when the coredump signals are logged by the audit system, the
> >> actual path to the executable is not logged. Without details of exe, the
> >> system admin may not have an exact idea on what program failed.
> >>
> >> This patch changes the audit_log_task() so that the path to the exe is also
> >> logged.
> >
> > Out of curiosity, on which platform are you observing this? This sounds
> > related to Bill Roberts' recent cmdline patches.
>
> I don't think this is related, looks to me like he wants the exe file that
> started it. Whereas I want some abstract field that was set by the VM
> at application invocation.

I pulled the trigger on send a bit too fast... I see now where that code came from... It was copied from audit_log_task_info(). > >> Signed-off-by: Paul Davies C <[email protected]> > >> + struct mm_struct *mm = current->mm; > Why wouldn't we use: > get_task_mm(current) That may be a bit heavy for this usage since we are in the current context. > >> auid = audit_get_loginuid(current); > >> sessionid = audit_get_sessionid(current); > >> @@ -2366,6 +2367,12 @@ static void audit_log_task(struct audit_buffer *ab) > >> audit_log_task_context(ab); > >> audit_log_format(ab, " pid=%d comm=", current->pid); > >> audit_log_untrustedstring(ab, current->comm); > >> + if (mm) { > > if using get_task_mm() drop below > > >> + down_read(&mm->mmap_sem); > >> + if (mm->exe_file) > >> + audit_log_d_path(ab, " exe=", &mm->exe_file->f_path); > > if using get_task_mm() change below to mmput(mm); > > >> + up_read(&mm->mmap_sem); > >> + } > > > > - RGB > > William C Roberts - RGB -- Richard Guy Briggs <[email protected]> Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat Remote, Ottawa, Canada Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
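Review bot: in the audit_log_task() hunk, the exe= field is written only when both mm and mm->exe_file are non-NULL, so a record for a task without an mm or without an exe_file carries no exe= key at all, and anything parsing these records sees a field set that varies from event to event. Consider emitting exe= with a fixed placeholder value on that path so the record layout stays constant. Since the thread notes this block was copied from audit_log_task_info(), moving the mmap_sem and exe_file lookup into a shared helper would keep the two call sites from drifting apart.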
