diff options
author | Oleg Nesterov <oleg@redhat.com> | 2013-09-15 19:11:09 +0200 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2013-11-05 11:07:18 -0500 |
commit | d48d805122e39c066898df2e460875d3aaf60508 (patch) | |
tree | 01142204314c7e0d938dba19b9c07c27bf97a277 /kernel | |
parent | af0e493d304262162dcc0e0b39ee47b12461d003 (diff) |
audit_alloc: clear TIF_SYSCALL_AUDIT if !audit_context
If audit_filter_task() nacks the new thread it makes sense
to clear TIF_SYSCALL_AUDIT which can be copied from parent
by dup_task_struct().
A wrong TIF_SYSCALL_AUDIT is not really bad but it triggers
the "slow" audit paths in entry.S to ensure the task can not
miss audit_syscall_*() calls, this is pointless if the task
has no ->audit_context.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Steve Grubb <sgrubb@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/auditsc.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 9845cb32b60a..95293abb877a 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -943,8 +943,10 @@ int audit_alloc(struct task_struct *tsk) return 0; /* Return if not auditing. */ state = audit_filter_task(tsk, &key); - if (state == AUDIT_DISABLED) + if (state == AUDIT_DISABLED) { + clear_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT); return 0; + } if (!(context = audit_alloc_context(state))) { kfree(key); |