We should reply the audit filter list request to the proper user namespace.
Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
---
 kernel/audit.c | 3 ++-
 kernel/audit.h | 1 +
 kernel/auditfilter.c | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 1ca1714..f723fe2 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -474,8 +474,9 @@ int audit_send_list(void *_dest)
 mutex_unlock(&audit_cmd_mutex);
 while ((skb = __skb_dequeue(&dest->q)) != NULL)
- netlink_unicast(init_user_ns.audit.sock, skb, pid, 0);
+ netlink_unicast(dest->user_ns->audit.sock, skb, pid, 0);
+ put_user_ns(dest->user_ns);
 kfree(dest);
 return 0;
diff --git a/kernel/audit.h b/kernel/audit.h
index a509796..7934598 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -85,6 +85,7 @@ extern void audit_panic(const char *message);
 struct audit_netlink_list {
 int pid;
 struct sk_buff_head q;
+ struct user_namespace *user_ns;
 };
 int audit_send_list(void *);
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index cf7fe98..f2afe9b 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1180,6 +1180,7 @@ int audit_receive_filter(int type, int pid, int seq, void *data,
 return -ENOMEM;
 dest->pid = pid;
 skb_queue_head_init(&dest->q);
+ dest->user_ns = get_user_ns(ns);
 mutex_lock(&audit_filter_mutex);
 if (type == AUDIT_LIST)
--
1.8.1.4
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
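Review bot: `dest->user_ns->audit.sock` is dereferenced in the send loop of audit_send_list with no check, and the reference taken with get_user_ns() pins the namespace structure, not necessarily its audit socket. Whether that socket can be released while the list is still queued for this thread is not visible in the hunk; if it can, the loop should free the queued skbs rather than unicast them, for example by guarding the call with `if (dest->user_ns->audit.sock)` and calling `kfree_skb(skb)` otherwise. A short comment above `put_user_ns(dest->user_ns);`, such as `/* drop the ref taken in audit_receive_filter() */`, would also make the get/put pairing obvious. The function body starts and ends outside the hunk.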
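Review bot: The new `user_ns` member of struct audit_netlink_list carries a counted reference, but nothing at the declaration says who takes it and who drops it. I would document the ownership on the field, e.g. `struct user_namespace *user_ns; /* counted ref: taken by the producer, dropped in audit_send_list() */`, so that any other code that fills this struct knows it must set the pointer before handing the list over.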
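Review bot: The reference taken by `dest->user_ns = get_user_ns(ns);` is released only in audit_send_list(), and the diffstat shows kernel/auditfilter.c gains this one line and nothing else. If audit_receive_filter has a path that frees `dest` itself, for instance when the sender thread cannot be started, that path now leaks the user namespace reference and needs `put_user_ns(dest->user_ns);` before its `kfree(dest);`. The rest of the function, including where `ns` comes from, lies outside the hunk, so this should be confirmed against the full body.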