audit: anchor all pid references in the initial pid namespace Store and log all PIDs with reference to the initial PID namespace and use the access functions task_pid_nr() and task_tgid_nr() for task->pid and task->tgid. Cc: "Eric W. Biederman" <ebiederm@xmission.com> (informed by ebiederman's c776b5d2) Signed-off-by: Richard Guy Briggs <rgb@redhat.com>

commit: f1dc4867ff41b7bcca57fa19449d1fe7ad517ac1 [log] [tgz]
author: Richard Guy Briggs <rgb@redhat.com> Wed Dec 11 13:52:26 2013 -0500
committer: Eric Paris <eparis@redhat.com> Thu Mar 20 10:11:55 2014 -0400
tree: 873f8e7625dc54ae20a0cc2513fb6a33027f36d7
parent: c92cdeb45eea38515e82187f48c2e4f435fb4e25 [diff] [blame]
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index a6cf7ab..6381f25 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c

@@ -457,10 +457,12 @@
 		struct audit_field *f = &rule->fields[i];
 		struct audit_names *n;
 		int result = 0;
+		pid_t pid;
 
 		switch (f->type) {
 		case AUDIT_PID:
-			result = audit_comparator(tsk->pid, f->op, f->val);
+			pid = task_pid_nr(tsk);
+			result = audit_comparator(pid, f->op, f->val);
 			break;
 		case AUDIT_PPID:
 			if (ctx) {
@@ -2051,7 +2053,7 @@
 	audit_log_format(ab, "pid=%d uid=%u"
 			 " old-auid=%u new-auid=%u old-ses=%u new-ses=%u"
 			 " res=%d",
-			 current->pid, uid,
+			 task_pid_nr(current), uid,
 			 oldloginuid, loginuid, oldsessionid, sessionid,
 			 !rc);
 	audit_log_end(ab);
@@ -2275,7 +2277,7 @@
 {
 	struct audit_context *context = current->audit_context;
 
-	context->target_pid = t->pid;
+	context->target_pid = task_pid_nr(t);
 	context->target_auid = audit_get_loginuid(t);
 	context->target_uid = task_uid(t);
 	context->target_sessionid = audit_get_sessionid(t);
@@ -2300,7 +2302,7 @@
 
 	if (audit_pid && t->tgid == audit_pid) {
 		if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2) {
-			audit_sig_pid = tsk->pid;
+			audit_sig_pid = task_pid_nr(tsk);
 			if (uid_valid(tsk->loginuid))
 				audit_sig_uid = tsk->loginuid;
 			else
@@ -2314,7 +2316,7 @@
 	/* optimize the common case by putting first signal recipient directly
 	 * in audit_context */
 	if (!ctx->target_pid) {
-		ctx->target_pid = t->tgid;
+		ctx->target_pid = task_tgid_nr(t);
 		ctx->target_auid = audit_get_loginuid(t);
 		ctx->target_uid = t_uid;
 		ctx->target_sessionid = audit_get_sessionid(t);
@@ -2335,7 +2337,7 @@
 	}
 	BUG_ON(axp->pid_count >= AUDIT_AUX_PIDS);
 
-	axp->target_pid[axp->pid_count] = t->tgid;
+	axp->target_pid[axp->pid_count] = task_tgid_nr(t);
 	axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
 	axp->target_uid[axp->pid_count] = t_uid;
 	axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
@@ -2435,7 +2437,7 @@
 			 from_kgid(&init_user_ns, gid),
 			 sessionid);
 	audit_log_task_context(ab);
-	audit_log_format(ab, " pid=%d comm=", current->pid);
+	audit_log_format(ab, " pid=%d comm=", task_pid_nr(current));
 	audit_log_untrustedstring(ab, current->comm);
 	if (mm) {
 		down_read(&mm->mmap_sem);
commit	f1dc4867ff41b7bcca57fa19449d1fe7ad517ac1	[log] [tgz]
author	Richard Guy Briggs <rgb@redhat.com>	Wed Dec 11 13:52:26 2013 -0500
committer	Eric Paris <eparis@redhat.com>	Thu Mar 20 10:11:55 2014 -0400
tree	873f8e7625dc54ae20a0cc2513fb6a33027f36d7
parent	c92cdeb45eea38515e82187f48c2e4f435fb4e25 [diff] [blame]