On Tue, 2013-12-17 at 11:10 +0800, Gao feng wrote: > NETLINK_CB(skb).sk is the socket of user space process, > netlink_unicast in kauditd_send_skb wants the kernel > side socket. Since the sk_state of audit netlink socket > is not NETLINK_CONNECTED, so the netlink_getsockbyportid > doesn't return -ECONNREFUSED. > > And the socket of userspace process can be released anytime, > so the audit_sock may point to invalid socket. > > this patch sets the audit_sock to the kernel side audit > netlink socket. > > Signed-off-by: Gao feng <[email protected]>
Acked-by: Eric Paris <[email protected]> > --- > kernel/audit.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/audit.c b/kernel/audit.c > index 041b951..ff1d1d7 100644 > --- a/kernel/audit.c > +++ b/kernel/audit.c > @@ -822,7 +822,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct > nlmsghdr *nlh) > audit_log_config_change("audit_pid", new_pid, > audit_pid, 1); > audit_pid = new_pid; > audit_nlk_portid = NETLINK_CB(skb).portid; > - audit_sock = NETLINK_CB(skb).sk; > + audit_sock = skb->sk; > } > if (s.mask & AUDIT_STATUS_RATE_LIMIT) { > err = audit_set_rate_limit(s.rate_limit); -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
