On Wed, Dec 8, 2021 at 3:33 AM Leo Yan <[email protected]> wrote: > > Replace open code with task_is_in_init_pid_ns() for checking root PID > namespace. > > Signed-off-by: Leo Yan <[email protected]> > --- > kernel/audit.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-)
I'm not sure how necessary this is, but it looks correct to me. Acked-by: Paul Moore <[email protected]> > diff --git a/kernel/audit.c b/kernel/audit.c > index 121d37e700a6..56ea91014180 100644 > --- a/kernel/audit.c > +++ b/kernel/audit.c > @@ -1034,7 +1034,7 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 > msg_type) > case AUDIT_MAKE_EQUIV: > /* Only support auditd and auditctl in initial pid namespace > * for now. */ > - if (task_active_pid_ns(current) != &init_pid_ns) > + if (!task_is_in_init_pid_ns(current)) > return -EPERM; > > if (!netlink_capable(skb, CAP_AUDIT_CONTROL)) > -- > 2.25.1 -- paul moore www.paul-moore.com -- Linux-audit mailing list [email protected] https://listman.redhat.com/mailman/listinfo/linux-audit
