Hello Paul Moore, Looks like this patch never got picked up. I think we should apply it.
-Steve On Thursday, November 14, 2013 08:56:57 AM Paul Davies C wrote: > Currently when the coredump signals are logged by the audit system , the > actual path to the executable is not logged. Without details of exe , the > system admin may not have an exact idea on what program failed. > > This patch changes the audit_log_task() so that the path to the exe is also > logged. > > Signed-off-by: Paul Davies C <[email protected]> > --- > kernel/auditsc.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index 9845cb3..988de72 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -2353,6 +2353,7 @@ static void audit_log_task(struct audit_buffer *ab) > kuid_t auid, uid; > kgid_t gid; > unsigned int sessionid; > + struct mm_struct *mm = current->mm; > > auid = audit_get_loginuid(current); > sessionid = audit_get_sessionid(current); > @@ -2366,6 +2367,12 @@ static void audit_log_task(struct audit_buffer *ab) > audit_log_task_context(ab); > audit_log_format(ab, " pid=%d comm=", current->pid); > audit_log_untrustedstring(ab, current->comm); > + if (mm) { > + down_read(&mm->mmap_sem); > + if (mm->exe_file) > + audit_log_d_path(ab, " exe=", &mm->exe_file->f_path); > + up_read(&mm->mmap_sem); > + } > } > > static void audit_log_abend(struct audit_buffer *ab, char *reason, long > signr) -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
