• Al Viro's avatar
    [PATCH] get rid of AVC_PATH postponed treatment · 4259fa01
    Al Viro authored
            Selinux folks had been complaining about the lack of AVC_PATH
    records when audit is disabled.  I must admit my stupidity - I assumed
    that avc_audit() really couldn't use audit_log_d_path() because of
    deadlocks (== could be called with dcache_lock or vfsmount_lock held).
    Shouldn't have made that assumption - it never gets called that way.
    It _is_ called under spinlocks, but not those.
    
            Since audit_log_d_path() uses ab->gfp_mask for allocations,
    kmalloc() in there is not a problem.  IOW, the simple fix is sufficient:
    let's rip AUDIT_AVC_PATH out and simply generate pathname as part of main
    record.  It's trivial to do.
    Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
    Acked-by: default avatarJames Morris <jmorris@namei.org>
    4259fa01
avc.c 23.2 KB