Pandora Sourcecodes - pandora-kernel.git/commit

author	Steve Grubb <sgrubb@redhat.com>
	Fri, 6 May 2005 11:38:39 +0000 (12:38 +0100)
committer	David Woodhouse <dwmw2@shinybook.infradead.org>
	Fri, 6 May 2005 11:38:39 +0000 (12:38 +0100)
commit	c2f0c7c356dc9ae15419f00c725a2fcc58eeff58
tree	2b765b791115e0e85b45bc98800fd2650b23155b	tree \| snapshot
parent	2512809255d018744fe6c2f5e996c83769846c07	commit \| diff

The attached patch addresses the problem with getting the audit daemon
shutdown credential information. It creates a new message type
AUDIT_TERM_INFO, which is used by the audit daemon to query who issued the
shutdown.

It requires the placement of a hook function that gathers the information. The
hook is after the DAC & MAC checks and before the function returns. Racing
threads could overwrite the uid & pid - but they would have to be root and
have policy that allows signalling the audit daemon. That should be a
manageable risk.

The userspace component will be released later in audit 0.7.2. When it
receives the TERM signal, it queries the kernel for shutdown information.
When it receives it, it writes the message and exits. The message looks
like this:

type=DAEMON msg=auditd(1114551182.000) auditd normal halt, sending pid=2650
uid=525, auditd pid=1685

Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

include/linux/audit.h		diff \| blob \| history
kernel/audit.c		diff \| blob \| history
kernel/auditsc.c		diff \| blob \| history
kernel/signal.c		diff \| blob \| history
security/selinux/nlmsgtab.c		diff \| blob \| history