[PATCH v2 4/4] seccomp: Don't special case audited processes when logging
Kees Cook
keescook at chromium.org
Wed May 2 16:57:05 UTC 2018
On Wed, May 2, 2018 at 8:53 AM, Tyler Hicks <tyhicks at canonical.com> wrote:
> diff --git a/kernel/seccomp.c b/kernel/seccomp.c
> index da78835..9029d9d 100644
> --- a/kernel/seccomp.c
> +++ b/kernel/seccomp.c
> @@ -584,18 +584,13 @@ static inline void seccomp_log(unsigned long syscall, long signr, u32 action,
> }
>
> /*
> - * Force an audit message to be emitted when the action is RET_KILL_*,
> - * RET_LOG, or the FILTER_FLAG_LOG bit was set and the action is
> - * allowed to be logged by the admin.
> + * Emit an audit message when the action is RET_KILL_*, RET_LOG, or the
> + * FILTER_FLAG_LOG bit was set. The admin has the ability to silence
> + * any action from being logged by removing the action name from the
> + * seccomp_actions_logged sysctl.
> */
> if (log)
> - return __audit_seccomp(syscall, signr, action);
> -
> - /*
> - * Let the audit subsystem decide if the action should be audited based
> - * on whether the current task itself is being audited.
> - */
> - return audit_seccomp(syscall, signr, action);
> + audit_seccomp(syscall, signr, action);
> }
This whole series looks great to me. If I can get an Ack from Paul for
the audit bits, I can take it via the seccomp tree. One minor nit on
seccomp_log() above, I'd probably change this to show the "exception"
case as "out of line" of normal code flow. i.e. instead of "if (log)
audit_seccomp", invert it to return early:
...
if (!log)
return;
audit_seccomp(syscall, signr, action);
}
But if there isn't some other need for a v3, I can just make this
change when I commit.
Thanks for fixing this up!
-Kees
--
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list