The audit_filter_rules() function in auditsc.c compared the session ID with the credentials of the current task, while it should use the credentials of the task given to audit_filter_rules() as a parameter (tsk).
GitHub issue: https://github.com/linux-audit/audit-kernel/issues/82 Fixes: 8fae47705685 ("audit: add support for session ID user filter") Cc: sta...@vger.kernel.org Signed-off-by: Ondrej Mosnacek <omosn...@redhat.com> --- kernel/auditsc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index ec38e4d97c23..6d577a34b16b 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -513,7 +513,7 @@ static int audit_filter_rules(struct task_struct *tsk, result = audit_gid_comparator(cred->fsgid, f->op, f->gid); break; case AUDIT_SESSIONID: - sessionid = audit_get_sessionid(current); + sessionid = audit_get_sessionid(tsk); result = audit_comparator(sessionid, f->op, f->val); break; case AUDIT_PERS: -- 2.17.0 -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
