[PATCH 3/3] kernel/auditsc: use correct blob for files in security_audit_rule_match call

Dmitry Mastykin dmastykin at astralinux.ru
Fri Aug 6 07:02:45 UTC 2021


File audit didn't work. Uninitialized local structure was passed
to security_audit_rule_match instead of audit_names oblob.

Signed-off-by: Dmitry Mastykin <dmastykin at astralinux.ru>
---
 kernel/auditsc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index c314533dd220..3b1afdb5cda4 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -689,14 +689,14 @@ static int audit_filter_rules(struct task_struct *tsk,
 				/* Find files that match */
 				if (name) {
 					result = security_audit_rule_match(
-								&blob,
+								&name->oblob,
 								f->type,
 								f->op,
 								f->lsm_rules);
 				} else if (ctx) {
 					list_for_each_entry(n, &ctx->names_list, list) {
 						if (security_audit_rule_match(
-								&blob,
+								&n->oblob,
 								f->type,
 								f->op,
 								f->lsm_rules)) {
-- 
2.11.0



More information about the Linux-security-module-archive mailing list