From: Eric Paris <eparis@redhat.com>
Subject: [RHEL5 PATHC] BZ 229094 collect audit inode information for all 	f*xattr commands
Date: Sun, 03 Jun 2007 17:37:33 -0400
Bugzilla: 229094
Message-Id: <1180906653.31147.11.camel@localhost.localdomain>
Changelog: [audit] collect audit inode information for all f*xattr commands


BZ 229094

Collect inode info for the remaining xattr syscalls that operate on a
file descriptor. These don't call a path_lookup variant, so they aren't
covered by the general audit hook.

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=510f4006e7a82b37b53c17bbe64ec20f3a59302b

In the LSPP kernel for quite some time and has tested just fine.

-Eric

--- linux-2.6.18.i686/fs/xattr.c.pre.2of4	2006-09-19 23:42:06.000000000 -0400
+++ linux-2.6.18.i686/fs/xattr.c	2007-02-15 17:23:48.000000000 -0500
@@ -319,11 +319,14 @@ asmlinkage ssize_t
 sys_fgetxattr(int fd, char __user *name, void __user *value, size_t size)
 {
 	struct file *f;
+	struct dentry *dentry;
 	ssize_t error = -EBADF;
 
 	f = fget(fd);
 	if (!f)
 		return error;
+	dentry = f->f_dentry;
+	audit_inode(NULL, dentry->d_inode);
 	error = getxattr(f->f_dentry, name, value, size);
 	fput(f);
 	return error;
@@ -402,11 +405,14 @@ asmlinkage ssize_t
 sys_flistxattr(int fd, char __user *list, size_t size)
 {
 	struct file *f;
+	struct dentry *dentry;
 	ssize_t error = -EBADF;
 
 	f = fget(fd);
 	if (!f)
 		return error;
+	dentry = f->f_dentry;
+	audit_inode(NULL, dentry->d_inode);
 	error = listxattr(f->f_dentry, list, size);
 	fput(f);
 	return error;