]> err.no Git - linux-2.6/commit
[PATCH] get rid of AVC_PATH postponed treatment
authorAl Viro <viro@zeniv.linux.org.uk>
Thu, 7 Jun 2007 15:13:31 +0000 (11:13 -0400)
committerAl Viro <viro@zeniv.linux.org.uk>
Sun, 22 Jul 2007 13:57:02 +0000 (09:57 -0400)
commit4259fa01a2d2aa3e589b34ba7624080232d9c1ff
tree3aa83d784c4db22f3b62e4d963757497555c5e5c
parent74f2345b6be1410f824cb7dd638d2c10a9709379
[PATCH] get rid of AVC_PATH postponed treatment

        Selinux folks had been complaining about the lack of AVC_PATH
records when audit is disabled.  I must admit my stupidity - I assumed
that avc_audit() really couldn't use audit_log_d_path() because of
deadlocks (== could be called with dcache_lock or vfsmount_lock held).
Shouldn't have made that assumption - it never gets called that way.
It _is_ called under spinlocks, but not those.

        Since audit_log_d_path() uses ab->gfp_mask for allocations,
kmalloc() in there is not a problem.  IOW, the simple fix is sufficient:
let's rip AUDIT_AVC_PATH out and simply generate pathname as part of main
record.  It's trivial to do.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: James Morris <jmorris@namei.org>
include/linux/audit.h
kernel/auditsc.c
security/selinux/avc.c