[RFC PATCH 3/9] audit: dev/test patch to force io_uring auditing
Paul Moore
paul at paul-moore.com
Fri May 21 21:50:00 UTC 2021
WARNING - This patch is intended only to aid in the initial dev/test
of the audit/io_uring support, it is not intended to be merged.
With this patch, you can emit io_uring operation audit records with
the following commands (the first clears any blocking rules):
% auditctl -D
% auditctl -a exit,always -S io_uring_enter
Signed-off-by: DO NOT COMMIT
---
kernel/auditsc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 729849d41631..d8aa2c690bf9 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1898,6 +1898,10 @@ void __audit_uring_exit(int success, long code)
audit_log_uring(ctx);
return;
}
+#if 1
+ /* XXX - temporary hack to force record generation */
+ ctx->current_state = AUDIT_RECORD_CONTEXT;
+#endif
/* this may generate CONFIG_CHANGE records */
if (!list_empty(&ctx->killed_trees))
More information about the Linux-security-module-archive
mailing list