From b48345aafb203803ccda4488cb5409b1ed435c0a Mon Sep 17 00:00:00 2001 From: Richard Guy Briggs <rgb@redhat.com> Date: Fri, 10 May 2019 12:21:49 -0400 Subject: audit: deliver signal_info regarless of syscall When a process signals the audit daemon (shutdown, rotate, resume, reconfig) but syscall auditing is not enabled, we still want to know the identity of the process sending the signal to the audit daemon. Move audit_signal_info() out of syscall auditing to general auditing but create a new function audit_signal_info_syscall() to take care of the syscall dependent parts for when syscall auditing is enabled. Please see the github kernel audit issue https://github.com/linux-audit/audit-kernel/issues/111 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> --- include/linux/audit.h | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'include/linux/audit.h') diff --git a/include/linux/audit.h b/include/linux/audit.h index 43a23e28ba23..b4078560cb73 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -196,6 +196,9 @@ static inline unsigned int audit_get_sessionid(struct task_struct *tsk) } extern u32 audit_enabled; + +extern int audit_signal_info(int sig, struct task_struct *t); + #else /* CONFIG_AUDIT */ static inline __printf(4, 5) void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, @@ -249,6 +252,12 @@ static inline unsigned int audit_get_sessionid(struct task_struct *tsk) } #define audit_enabled AUDIT_OFF + +static inline int audit_signal_info(int sig, struct task_struct *t) +{ + return 0; +} + #endif /* CONFIG_AUDIT */ #ifdef CONFIG_AUDIT_COMPAT_GENERIC -- cgit v1.2.3-70-g09d2