[PATCH v5 04/22] elf: Suppress audit calls when a (new) namespace is empty (BZ #28062)

Florian Weimer fweimer@redhat.com
Wed Nov 10 14:15:24 GMT 2021


* Adhemerval Zanella:

> diff --git a/elf/dl-load.c b/elf/dl-load.c
> index 9f4fa9617d..72298776f6 100644
> --- a/elf/dl-load.c
> +++ b/elf/dl-load.c
> @@ -1067,8 +1067,11 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd,
>  	  && __glibc_unlikely (GLRO(dl_naudit) > 0))
>  	{
>  	  struct link_map *head = GL(dl_ns)[nsid]._ns_loaded;
> -	  /* Do not call the functions for any auditing object.  */
> -	  if (head->l_auditing == 0)
> +	  /* Do not call the functions for any auditing object and also do not
> +	     try to call auditing functions if the namespace is currently
> +	     empty.  This happens when opening the first DSO in a new
> +	     namespace.  */
> +	  if (head != NULL && head->l_auditing == 0)
>  	    {
>  	      struct audit_ifaces *afct = GLRO(dl_audit);
>  	      for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)

As far as I can tell, using GL(dl_ns)[nsid]._ns_loaded for la_activity
is a completely arbitrary choice.  I think we should use
&GL(dl_ns)[nsid] for secondary namespace instead, and keep
GL(dl_ns)[LM_ID_BASE]._ns_loaded for backwards compatibility.

This will allow us to generate an LA_ACT_ADD event for an empty
namespace.

Thanks,
Florian



More information about the Libc-alpha mailing list