From: Amy Griffis <amy.griffis@hp.com>
Date: Thu, 13 Jul 2006 17:16:39 +0000 (-0400)
Subject: [PATCH] fix missed create event for directory audit
X-Git-Tag: v2.6.18-rc4~63
X-Git-Url: https://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=73d3ec5abad3f1730ac8530899d2c14d92f3ad63;p=pandora-kernel.git

[PATCH] fix missed create event for directory audit

When an object is created via a symlink into an audited directory, audit misses
the event due to not having collected the inode data for the directory.  Modify
__audit_inode_child() to copy the parent inode data if a parent wasn't found in
audit_names[].

Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---

diff --git a/fs/namei.c b/fs/namei.c
index 47a7bad92d2a..0ab26cbdacc0 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1357,7 +1357,7 @@ static int may_delete(struct inode *dir,struct dentry *victim,int isdir)
 		return -ENOENT;
 
 	BUG_ON(victim->d_parent->d_inode != dir);
-	audit_inode_child(victim->d_name.name, victim->d_inode, dir->i_ino);
+	audit_inode_child(victim->d_name.name, victim->d_inode, dir);
 
 	error = permission(dir,MAY_WRITE | MAY_EXEC, NULL);
 	if (error)
diff --git a/include/linux/audit.h b/include/linux/audit.h
index e7e5e5348987..bf196c05826c 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -327,7 +327,7 @@ extern void __audit_getname(const char *name);
 extern void audit_putname(const char *name);
 extern void __audit_inode(const char *name, const struct inode *inode);
 extern void __audit_inode_child(const char *dname, const struct inode *inode,
-				unsigned long pino);
+				const struct inode *parent);
 extern void __audit_inode_update(const struct inode *inode);
 static inline void audit_getname(const char *name)
 {
@@ -339,10 +339,10 @@ static inline void audit_inode(const char *name, const struct inode *inode) {
 		__audit_inode(name, inode);
 }
 static inline void audit_inode_child(const char *dname, 
-				     const struct inode *inode, 
-				     unsigned long pino) {
+				     const struct inode *inode,
+				     const struct inode *parent) {
 	if (unlikely(current->audit_context))
-		__audit_inode_child(dname, inode, pino);
+		__audit_inode_child(dname, inode, parent);
 }
 static inline void audit_inode_update(const struct inode *inode) {
 	if (unlikely(current->audit_context))
Reading git-diff-tree failed