[PATCH 2/2] smack: show msgrcv() subject task in audit
Konstantin Andreev
andreev at swemel.ru
Mon May 11 00:17:17 UTC 2026
When a task msgrcv()'es some message the SMACK audit log message
looks like:
fn=smk_tskacc_msq action=denied subject="bar" object="foo" requested=rw
pid=456 comm="mrcv" ipc_key=2
fn=smk_tskacc_msq action=granted subject="bar" object="foo" requested=rw
pid=519 comm="mrcv" ipc_key=2
where pid= is a pid of a “current” task which calls smk_tskacc_msq().
Usually, the caller of smk_tskacc_msq() is also a subject task
which determines its own permission. In the example above
the 'mrcv' process has label 'bar' and wants "rw" for label "foo".
However, when sender task delivers message using
ipc/msg.c`pipelined_send():
` security_msg_queue_msgrcv(,, msr->r_tsk,,)
` smp_store_release(&msr->r_msg, msg)
“current” task and “subject” task differ, and
the “subject” task is missed from the audit message.
This patch adds two fields, subj_pid and subj_comm,
into the audit message:
fn=smk_tskacc_msq action=granted subject="bar" object="foo" requested=rw
subj_pid=564 subj_comm="mrcv" pid=577 comm="msnd" ipc_key=2
Signed-off-by: Konstantin Andreev <andreev at swemel.ru>
---
security/smack/smack.h | 1 +
security/smack/smack_access.c | 9 +++++++++
security/smack/smack_lsm.c | 2 ++
3 files changed, 12 insertions(+)
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 9b9eb262fe33..551fcf2a1832 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -261,6 +261,7 @@ struct smack_audit_data {
char *subject;
char *object;
char *request;
+ struct task_struct *subj_tsk;
int result;
};
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 350b88d582b3..fb85356266e5 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -331,6 +331,15 @@ static void smack_log_callback(struct audit_buffer *ab, void *a)
audit_log_format(ab, " labels_differ");
else
audit_log_format(ab, " requested=%s", sad->request);
+
+ if (sad->subj_tsk) {
+ char comm[TASK_COMM_LEN];
+
+ audit_log_format(ab, " subj_pid=%d subj_comm=",
+ task_tgid_nr(sad->subj_tsk));
+ audit_log_untrustedstring(ab,
+ get_task_comm(comm, sad->subj_tsk));
+ }
}
/**
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 3146fa83c2f1..6f6ff9b20981 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3383,6 +3383,8 @@ smk_tskacc_msq(struct task_struct *tsk, struct kern_ipc_perm *isp, int access)
#ifdef CONFIG_AUDIT
smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
ad.a.u.ipc_id = isp->id;
+ if (!tsk_is_current)
+ ad.sad.subj_tsk = tsk;
#endif
rc = smk_tskacc(tsp, msp, access, &ad);
rc = smk_bu_tsk_to_obj(tsk, tsp, "msq", msp, access, rc);
--
2.47.3
More information about the Linux-security-module-archive
mailing list