[PATCH v5 04/22] elf: Suppress audit calls when a (new) namespace is empty (BZ #28062)
Florian Weimer
fweimer@redhat.com
Wed Nov 10 14:15:24 GMT 2021
* Adhemerval Zanella:
> diff --git a/elf/dl-load.c b/elf/dl-load.c
> index 9f4fa9617d..72298776f6 100644
> --- a/elf/dl-load.c
> +++ b/elf/dl-load.c
> @@ -1067,8 +1067,11 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd,
> && __glibc_unlikely (GLRO(dl_naudit) > 0))
> {
> struct link_map *head = GL(dl_ns)[nsid]._ns_loaded;
> - /* Do not call the functions for any auditing object. */
> - if (head->l_auditing == 0)
> + /* Do not call the functions for any auditing object and also do not
> + try to call auditing functions if the namespace is currently
> + empty. This happens when opening the first DSO in a new
> + namespace. */
> + if (head != NULL && head->l_auditing == 0)
> {
> struct audit_ifaces *afct = GLRO(dl_audit);
> for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
As far as I can tell, using GL(dl_ns)[nsid]._ns_loaded for la_activity
is a completely arbitrary choice. I think we should use
&GL(dl_ns)[nsid] for secondary namespace instead, and keep
GL(dl_ns)[LM_ID_BASE]._ns_loaded for backwards compatibility.
This will allow us to generate an LA_ACT_ADD event for an empty
namespace.
Thanks,
Florian
More information about the Libc-alpha
mailing list