From patchwork Tue Jul 26 14:54:30 2016
X-Patchwork-Submitter: Jeffrey Vander Stoep
X-Patchwork-Id: 9248323
From: Jeff Vander Stoep
To: selinux@tycho.nsa.gov
Cc: linux-audit@redhat.com
Subject: [PATCH] security: lsm_audit: print pid and tid
Date: Tue, 26 Jul 2016 07:54:30 -0700
Message-Id: <1469544870-11574-1-git-send-email-jeffv@google.com>

dump_common_audit_data() currently contains a field for pid, but the value printed is actually the thread ID, tid. Update this value to return the task group ID. Add a new field for tid. With this change the values printed by audit now match the values returned by the getpid() and gettid() syscalls.

Signed-off-by: Jeff Vander Stoep

--- security/lsm_audit.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/security/lsm_audit.c b/security/lsm_audit.c index cccbf30..57f26c1 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c
@@ -220,7 +220,8 @@ static void dump_common_audit_data(struct audit_buffer *ab, */ BUILD_BUG_ON(sizeof(a->u) > sizeof(void *)*2); - audit_log_format(ab, " pid=%d comm=", task_pid_nr(current)); + audit_log_format(ab, " pid=%d tid=%d comm=", task_tgid_vnr(tsk), + task_pid_vnr(tsk)); audit_log_untrustedstring(ab, memcpy(comm, current->comm, sizeof(comm))); switch (a->type) { @@ -294,10 +295,12 @@ static void dump_common_audit_data(struct audit_buffer *ab, case LSM_AUDIT_DATA_TASK: { struct task_struct *tsk = a->u.tsk; if (tsk) { - pid_t pid = task_pid_nr(tsk); + pid_t pid = task_tgid_vnr(tsk); if (pid) { char comm[sizeof(tsk->comm)]; audit_log_format(ab, " opid=%d ocomm=", pid); + audit_log_format(ab, " opid=%d otid=%d ocomm=", + pid, task_pid_vnr(tsk)); audit_log_untrustedstring(ab, memcpy(comm, tsk->comm, sizeof(comm))); }
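
Review bot: In the first hunk (@@ -220,7 +220,8 @@) the new audit_log_format() call passes tsk to task_tgid_vnr() and task_pid_vnr(), but nothing in the visible context declares tsk at this point in dump_common_audit_data(); the only declaration shown is "struct task_struct *tsk = a->u.tsk;" inside the LSM_AUDIT_DATA_TASK case of the second hunk. The removed line and the following context line both operate on current (task_pid_nr(current), current->comm), so the added line should use current as well. Separately, the change moves from the _nr helper to the _vnr helpers, which report the ID as seen from the caller's pid namespace rather than the global one; the commit message should say whether that switch is intended for audit records, since a consumer correlating pid= across containers would see different values than before.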
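
Review bot: In the second hunk (@@ -294,10 +295,12 @@) the existing call audit_log_format(ab, " opid=%d ocomm=", pid); is left in place as a context line while the new " opid=%d otid=%d ocomm=" call is added directly after it, so the record would carry opid= and an empty ocomm= followed by a second opid=, otid= and ocomm=. The old call needs to be a removed line so that only the new format string is emitted before audit_log_untrustedstring(). Note also that the "if (pid)" guard now tests the thread group ID from task_tgid_vnr(tsk) rather than the thread ID; a short comment saying that is the intended check would help the next reader.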