Merge tag 'audit-pr-20240911' of git://git.kernel.org/pub/scm/linux/k…

…ernel/git/pcmoore/audit Pull audit updates from Paul Moore: - Fix some remaining problems with PID/TGID reporting When most users think about PIDs, what they are really thinking about is the TGID. This commit shifts the audit PID logging and filtering to use the TGID value which should provide a more meaningful audit stream and filtering experience for users. - Migrate to the str_enabled_disabled() helper Evidently we have helper functions that help ensure if we mistype "enabled" or "disabled" it is now caught at compile time. I guess we're fancy now. * tag 'audit-pr-20240911' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: audit: Make use of str_enabled_disabled() helper audit: use task_tgid_nr() instead of task_pid_nr()
starfive-tech · Sep 16, 2024 · dc644fb · dc644fb
2 parents 43a64bd + 8c1867a
commit dc644fb
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/kernel/audit.c b/kernel/audit.c
@@ -1612,7 +1612,7 @@ static void audit_log_multicast(int group, const char *op, int err)
 	cred = current_cred();
 	tty = audit_get_tty();
 	audit_log_format(ab, "pid=%u uid=%u auid=%u tty=%s ses=%u",
-			 task_pid_nr(current),
+			 task_tgid_nr(current),
 			 from_kuid(&init_user_ns, cred->uid),
 			 from_kuid(&init_user_ns, audit_get_loginuid(current)),
 			 tty ? tty_name(tty) : "(none)",
@@ -1706,7 +1706,7 @@ static int __init audit_init(void)
 	audit_cmd_mutex.owner = NULL;
 
 	pr_info("initializing netlink subsys (%s)\n",
-		audit_default ? "enabled" : "disabled");
+		str_enabled_disabled(audit_default));
 	register_pernet_subsys(&audit_net_ops);
 
 	audit_initialized = AUDIT_INITIALIZED;

diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
@@ -1344,7 +1344,7 @@ int audit_filter(int msgtype, unsigned int listtype)
 
 			switch (f->type) {
 			case AUDIT_PID:
-				pid = task_pid_nr(current);
+				pid = task_tgid_nr(current);
 				result = audit_comparator(pid, f->op, f->val);
 				break;
 			case AUDIT_UID:

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
@@ -2933,7 +2933,7 @@ void __audit_log_nfcfg(const char *name, u8 af, unsigned int nentries,
 	audit_log_format(ab, "table=%s family=%u entries=%u op=%s",
 			 name, af, nentries, audit_nfcfgs[op].s);
 
-	audit_log_format(ab, " pid=%u", task_pid_nr(current));
+	audit_log_format(ab, " pid=%u", task_tgid_nr(current));
 	audit_log_task_context(ab); /* subj= */
 	audit_log_format(ab, " comm=");
 	audit_log_untrustedstring(ab, get_task_comm(comm, current));