Commit 939cbf26 authored by Eric Paris's avatar Eric Paris Committed by Al Viro

Audit: send signal info if selinux is disabled

Audit will not respond to signal requests if selinux is disabled since it is
unable to translate the 0 sid from the sending process to a context.  This
patch just doesn't send the context info if there isn't any.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
parent 44e51a1b
...@@ -855,18 +855,24 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) ...@@ -855,18 +855,24 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
break; break;
} }
case AUDIT_SIGNAL_INFO: case AUDIT_SIGNAL_INFO:
err = security_secid_to_secctx(audit_sig_sid, &ctx, &len); len = 0;
if (err) if (audit_sig_sid) {
return err; err = security_secid_to_secctx(audit_sig_sid, &ctx, &len);
if (err)
return err;
}
sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL);
if (!sig_data) { if (!sig_data) {
security_release_secctx(ctx, len); if (audit_sig_sid)
security_release_secctx(ctx, len);
return -ENOMEM; return -ENOMEM;
} }
sig_data->uid = audit_sig_uid; sig_data->uid = audit_sig_uid;
sig_data->pid = audit_sig_pid; sig_data->pid = audit_sig_pid;
memcpy(sig_data->ctx, ctx, len); if (audit_sig_sid) {
security_release_secctx(ctx, len); memcpy(sig_data->ctx, ctx, len);
security_release_secctx(ctx, len);
}
audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_SIGNAL_INFO, audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_SIGNAL_INFO,
0, 0, sig_data, sizeof(*sig_data) + len); 0, 0, sig_data, sizeof(*sig_data) + len);
kfree(sig_data); kfree(sig_data);
......
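Review bot: The three `if (audit_sig_sid)` tests in the AUDIT_SIGNAL_INFO case each re-read a variable that is not local to this case, so the decision to call security_release_secctx() is not tied to whether security_secid_to_secctx() actually ran. If audit_sig_sid can change between those reads (its writer and any locking are outside this hunk, so this needs confirming), the case would either release a `ctx` it never obtained or leak the one it did. Keying the later branches on local state removes that dependency: set `ctx = NULL;` beside `len = 0;` and test `if (ctx)` before the memcpy and before both release calls. audit_receive_msg starts and ends outside the hunk, so the declaration of `ctx` is not visible here.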