seccomp: audit abnormal end to a process due to seccomp
The audit system likes to collect information about processes that end abnormally (SIGSEGV) as this may me useful intrusion detection information. This patch adds audit support to collect information when seccomp forces a task to exit because of misbehavior in a similar way. Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
Eric Paris
Al Viro
parent
16c174bd95
commit
85e7bac33b
3 changed files with 39 additions and 21 deletions
|
|
@ -6,6 +6,7 @@
|
|||
* This defines a simple but solid secure-computing mode.
|
||||
*/
|
||||
|
||||
#include <linux/audit.h>
|
||||
#include <linux/seccomp.h>
|
||||
#include <linux/sched.h>
|
||||
#include <linux/compat.h>
|
||||
|
|
@ -54,6 +55,7 @@ void __secure_computing(int this_syscall)
|
|||
#ifdef SECCOMP_DEBUG
|
||||
dump_stack();
|
||||
#endif
|
||||
audit_seccomp(this_syscall);
|
||||
do_exit(SIGKILL);
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue