git.baikalelectronics.ru Git - kernel.git/commit
capabilities: fix logic for effective root or real root
author Richard Guy Briggs <rgb@redhat.com>
Thu, 12 Oct 2017 00:57:13 +0000 (20:57 -0400)
committer James Morris <james.l.morris@oracle.com>
Fri, 20 Oct 2017 04:22:45 +0000 (15:22 +1100)
commit 953030438f7359dcfe0e737799017ee716cc93a9
tree 3f305c99b9f1cc2d5d076e464c7399c651fe285b
parent a9b150d47af3a8d3dea7e628ff3f7eb87640a9f4
capabilities: fix logic for effective root or real root

Now that the logic is inverted, it is much easier to see that both real
root and effective root conditions had to be met to avoid printing the
BPRM_FCAPS record with audit syscalls.  This meant that any setuid root
applications would print a full BPRM_FCAPS record when it wasn't
necessary, cluttering the event output, since the SYSCALL and PATH
records indicated the presence of the setuid bit and effective root user
id.

Require only one of effective root or real root to avoid printing the
unnecessary record.

Ref: commit 012623e7c673 ("Add audit_log_bprm_fcaps/AUDIT_BPRM_FCAPS")
See: https://github.com/linux-audit/audit-kernel/issues/16

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Acked-by: James Morris <james.l.morris@oracle.com>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
security/commoncap.c