[PATCH 2/2] seccomp: forcing auditing of kill condition

Tim Gardner tim.gardner at canonical.com
Mon Nov 19 18:52:19 UTC 2012

From: Kees Cook <kees at ubuntu.com>

BugLink: http://bugs.launchpad.net/bugs/1079469

Instead of auditing all seccomp actions, only force the reporting of
those that kill a process. All others should be checked for an existing
audit context on the process. (This improves the adjustment that
commit 426ae7eee59e3de2a4c14ccfc30df0a7d64709fe was attempting.)

Signed-off-by: Kees Cook <kees at ubuntu.com>
Acked-by: Herton Krzesinski <herton.krzesinski at canonical.com>
Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
 kernel/seccomp.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index ee376be..9002cfa 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -443,7 +443,7 @@ int __secure_computing(int this_syscall)
-	audit_seccomp(this_syscall, exit_sig, ret);
+	__audit_seccomp(this_syscall, exit_sig, ret);
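
Review bot: The call changed in __secure_computing() now goes straight to __audit_seccomp() with no comment saying that skipping the audit-context check is deliberate, and the hunk as posted carries no context lines, so the diff alone does not show that this call site is reached only on the kill path. Since the commit message says only kills should be force-reported and every other action should still be checked for an existing audit context, add a one-line comment above the call stating that the record is forced because the process is about to be killed, and say in the message which seccomp return actions reach this line. The message would also be easier to follow if commit 426ae7eee59e3de2a4c14ccfc30df0a7d64709fe were cited with its subject line next to the hash.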
