fs: add link restriction audit reporting
Adds audit messages for unexpected link restriction violations so that system owners will have some sort of potentially actionable information about misbehaving processes. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
@@ -692,6 +692,7 @@ static inline int may_follow_link(struct path *link, struct nameidata *nd)
|
||||
|
||||
path_put_conditional(link, nd);
|
||||
path_put(&nd->path);
|
||||
audit_log_link_denied("follow_link", link);
|
||||
return -EACCES;
|
||||
}
|
||||
|
||||
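Review bot: In may_follow_link the new `audit_log_link_denied("follow_link", link);` is placed after `path_put_conditional(link, nd);` and `path_put(&nd->path);`, so the audit helper receives `link` only after the references on it have presumably been dropped. If path_put_conditional releases the dentry (and possibly the mount) that `link` points at, building the audit record would read a path that may already be freed, which is a use-after-free on the denial path. Moving the call above the two puts keeps the reference live while the record is written: `audit_log_link_denied("follow_link", link);` first, then `path_put_conditional(link, nd);` and `path_put(&nd->path);`. The function body starts outside this hunk and path_put_conditional's definition is not shown, so the ordering should be confirmed against it; the may_linkat hunk does not drop any reference before logging and is not affected.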
@@ -760,6 +761,7 @@ static int may_linkat(struct path *link)
|
||||
capable(CAP_FOWNER))
|
||||
return 0;
|
||||
|
||||
audit_log_link_denied("linkat", link);
|
||||
return -EPERM;
|
||||
}
|
||||
|
||||
|