On 2021-12-14 17:35, Paul Moore wrote:
> On Wed, Dec 8, 2021 at 3:33 AM Leo Yan <[email protected]> wrote:
> >
> > Replace open code with task_is_in_init_pid_ns() for checking root PID
> > namespace.
> >
> > Signed-off-by: Leo Yan <[email protected]>
> > ---
> >  kernel/audit.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
>
> I'm not sure how necessary this is, but it looks correct to me.

I had the same thought.  It looks correct to me.  I could see the value if
it permitted init_pid_ns to not be global.

> Acked-by: Paul Moore <[email protected]>

Reviewed-by: Richard Guy Briggs <[email protected]>

> > diff --git a/kernel/audit.c b/kernel/audit.c > > index 121d37e700a6..56ea91014180 100644 > > --- a/kernel/audit.c > > +++ b/kernel/audit.c > > @@ -1034,7 +1034,7 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 > > msg_type) > > case AUDIT_MAKE_EQUIV: > > /* Only support auditd and auditctl in initial pid namespace > > * for now. */ > > - if (task_active_pid_ns(current) != &init_pid_ns) > > + if (!task_is_in_init_pid_ns(current)) > > return -EPERM; > > > > if (!netlink_capable(skb, CAP_AUDIT_CONTROL)) > > -- > > 2.25.1
>
> paul moore

- RGB

--
Richard Guy Briggs <[email protected]>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635

--
Linux-audit mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/linux-audit
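
Review bot: In the AUDIT_MAKE_EQUIV branch of audit_netlink_ok(), the new !task_is_in_init_pid_ns(current) test is the namespace gate that returns -EPERM ahead of the netlink_capable(skb, CAP_AUDIT_CONTROL) check, but the helper's definition is not part of this diff (only kernel/audit.c is touched) and the commit message does not say that it performs the same comparison of the task's active PID namespace against &init_pid_ns as the removed line. Suggest stating that equivalence in the commit message, or naming the patch that introduces the helper, so that someone reading this change on its own can confirm the set of callers rejected here is unchanged.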
