2499
2500
context->type = AUDIT_MMAP;
2503
* audit_core_dumps - record information about processes that end abnormally
2504
* @signr: signal value
2506
* If a process ends with a core dump, something fishy is going on and we
2507
* should record the event for investigation.
2509
void audit_core_dumps(long signr)
2503
static void audit_log_abend(struct audit_buffer *ab, char *reason, long signr)
2511
struct audit_buffer *ab;
2513
uid_t auid = audit_get_loginuid(current), uid;
2515
unsigned int sessionid = audit_get_sessionid(current);
2520
if (signr == SIGQUIT) /* don't care for those */
2523
ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
2507
unsigned int sessionid;
2509
auid = audit_get_loginuid(current);
2510
sessionid = audit_get_sessionid(current);
2524
2511
current_uid_gid(&uid, &gid);
2525
2513
audit_log_format(ab, "auid=%u uid=%u gid=%u ses=%u",
2526
2514
auid, uid, gid, sessionid);
2527
security_task_getsecid(current, &sid);
2532
if (security_secid_to_secctx(sid, &ctx, &len))
2533
audit_log_format(ab, " ssid=%u", sid);
2535
audit_log_format(ab, " subj=%s", ctx);
2536
security_release_secctx(ctx, len);
2515
audit_log_task_context(ab);
2539
2516
audit_log_format(ab, " pid=%d comm=", current->pid);
2540
2517
audit_log_untrustedstring(ab, current->comm);
2518
audit_log_format(ab, " reason=");
2519
audit_log_string(ab, reason);
2541
2520
audit_log_format(ab, " sig=%ld", signr);
2523
* audit_core_dumps - record information about processes that end abnormally
2524
* @signr: signal value
2526
* If a process ends with a core dump, something fishy is going on and we
2527
* should record the event for investigation.
2529
void audit_core_dumps(long signr)
2531
struct audit_buffer *ab;
2536
if (signr == SIGQUIT) /* don't care for those */
2539
ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
2540
audit_log_abend(ab, "memory violation", signr);
2544
void __audit_seccomp(unsigned long syscall, long signr, int code)
2546
struct audit_buffer *ab;
2548
ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
2549
audit_log_abend(ab, "seccomp", signr);
2550
audit_log_format(ab, " syscall=%ld", syscall);
2551
#ifdef CONFIG_COMPAT
2552
audit_log_format(ab, " compat=%d", is_compat_task());
2554
audit_log_format(ab, " ip=0x%lx", KSTK_EIP(current));
2555
audit_log_format(ab, " code=0x%x", code);
2542
2556
audit_log_end(ab);