Re: [RFC][PATCH] audit: get inode pathname patch
On Tue, 2008-08-12 at 19:47 -0400, Steve Grubb wrote:
> On Wednesday 06 August 2008 10:36:46 Mimi Zohar wrote:
> > We are interested in using auditing's context pathname information. Is this the best way of accessing it?
> >
> > Add support for accessing auditing's inode full pathname.
>
> What would this be used for? Al could you comment on this? Would there be locking issues?

The IMA measurement hash list contains a file name hint. Using a full pathname, when available, would be nice.

Mimi

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
Re: [RFC][PATCH] audit: get inode pathname patch
On Wednesday 06 August 2008 10:36:46 Mimi Zohar wrote:
> We are interested in using auditing's context pathname information. Is this the best way of accessing it?
>
> Add support for accessing auditing's inode full pathname.

What would this be used for? Al could you comment on this? Would there be locking issues?

-Steve
[RFC][PATCH] audit: get inode pathname patch
We are interested in using auditing's context pathname information. Is this the best way of accessing it? Add support for accessing auditing's inode full pathname. Signed-off-by: Mimi Zohar [EMAIL PROTECTED] Index: security-testing-2.6/include/linux/audit.h === --- security-testing-2.6.orig/include/linux/audit.h +++ security-testing-2.6/include/linux/audit.h @@ -403,6 +403,8 @@ extern void audit_syscall_entry(int arch unsigned long a2, unsigned long a3); extern void audit_syscall_exit(int failed, long return_code); extern void __audit_getname(const char *name); +extern const char *audit_get_inode_pathname(struct task_struct *tsk, + struct inode *inode); extern void audit_putname(const char *name); extern void __audit_inode(const char *name, const struct dentry *dentry); extern void __audit_inode_child(const char *dname, const struct dentry *dentry, Index: security-testing-2.6/kernel/auditsc.c === --- security-testing-2.6.orig/kernel/auditsc.c +++ security-testing-2.6/kernel/auditsc.c @@ -1677,6 +1677,28 @@ retry: #endif } +const char *audit_get_inode_pathname(struct task_struct *tsk, +struct inode *inode) +{ + struct audit_context *context; + int idx; + + context = tsk-audit_context; + if (!context) + return NULL; + for (idx = 0; idx context-name_count; idx++) { + struct audit_names *n = context-names[idx]; + + if (!n-name) + continue; + + if (n-ino == inode-i_ino) + return n-name; + } + return NULL; +} +EXPORT_SYMBOL_GPL(audit_get_inode_pathname); + /** * audit_getname - add a name to the list * @name: name to add -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
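Review bot: In the include/linux/audit.h hunk, the new extern for audit_get_inode_pathname() comes with no fallback definition, and the visible context is a run of plain extern declarations. If that run is only compiled when syscall auditing is configured, a caller outside the audit code will fail to build when it is off; add a static inline stub that returns NULL for that case. The second parameter can also be const struct inode *, since the function only reads i_ino from it.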
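Review bot: In the kernel/auditsc.c hunk, the loop matches a recorded name on the inode number alone (the n ino against inode i_ino comparison), and inode numbers are unique only within one filesystem, so the name of a different file on another device can be returned; compare the device as well as the inode number. The function also returns the name pointer held in the task's audit context without taking a reference or a lock, and it accepts an arbitrary tsk, so the string can go away under the caller; either restrict the lookup to current or document the lifetime rule. A kernel-doc comment like the one on the neighbouring audit_getname should state that rule and say whether the returned name is guaranteed to be a full path or just the name as it was recorded.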
Re: [RFC][PATCH] audit: get inode pathname patch
Quoting Mimi Zohar ([EMAIL PROTECTED]): We are interested in using auditing's context pathname information. Is this the best way of accessing it? Add support for accessing auditing's inode full pathname. Interesting idea. It does seem to do what you need. -serge Signed-off-by: Mimi Zohar [EMAIL PROTECTED] Index: security-testing-2.6/include/linux/audit.h === --- security-testing-2.6.orig/include/linux/audit.h +++ security-testing-2.6/include/linux/audit.h @@ -403,6 +403,8 @@ extern void audit_syscall_entry(int arch unsigned long a2, unsigned long a3); extern void audit_syscall_exit(int failed, long return_code); extern void __audit_getname(const char *name); +extern const char *audit_get_inode_pathname(struct task_struct *tsk, + struct inode *inode); extern void audit_putname(const char *name); extern void __audit_inode(const char *name, const struct dentry *dentry); extern void __audit_inode_child(const char *dname, const struct dentry *dentry, Index: security-testing-2.6/kernel/auditsc.c === --- security-testing-2.6.orig/kernel/auditsc.c +++ security-testing-2.6/kernel/auditsc.c @@ -1677,6 +1677,28 @@ retry: #endif } +const char *audit_get_inode_pathname(struct task_struct *tsk, + struct inode *inode) +{ + struct audit_context *context; + int idx; + + context = tsk-audit_context; + if (!context) + return NULL; + for (idx = 0; idx context-name_count; idx++) { + struct audit_names *n = context-names[idx]; + + if (!n-name) + continue; + + if (n-ino == inode-i_ino) + return n-name; + } + return NULL; +} +EXPORT_SYMBOL_GPL(audit_get_inode_pathname); + /** * audit_getname - add a name to the list * @name: name to add -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit