audit: keep inode pinned
Audit rules disappear when an inode they watch is evicted from the cache.
This is likely not what we want.

The guilty commit is "fsnotify: allow marks to not pin inodes in core",
which didn't take into account that audit_tree adds watches with a zero
mask.

Adding any mask should fix this.

Fixes: 90b1e7a ("fsnotify: allow marks to not pin inodes in core")
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Cc: stable@vger.kernel.org # 2.6.36+
Signed-off-by: Paul Moore <pmoore@redhat.com>
Miklos Szeredi authored and Paul Moore committed Nov 11, 2014
1 parent 897f1ac commit 799b601
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions kernel/audit_tree.c
Expand Up @@ -154,6 +154,7 @@ static struct audit_chunk *alloc_chunk(int count)
chunk->owners[i].index = i;
}
fsnotify_init_mark(&chunk->mark, audit_tree_destroy_watch);
chunk->mark.mask = FS_IN_IGNORED;
return chunk;
}
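
Review bot: the added `chunk->mark.mask = FS_IN_IGNORED;` in alloc_chunk() needs a comment stating that the value is there only to make the mask non-zero so the mark keeps its inode pinned. As written, the line reads as if audit_tree were subscribing to that event. The commit message says any mask would do, so the comment should also say the choice of FS_IN_IGNORED is arbitrary, for example `/* non-zero mask only so the mark pins the inode */`. Without that, a later cleanup could set the mask back to zero and the watched inodes would again be evicted along with their audit rules.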
