When the capset syscall is used it is not possible for audit to record the

[mv-sheeva.git] / kernel / capability.c

diff --git a/kernel/capability.c b/kernel/capability.c
index e13a68535ad5d8587e1ea4c84233cdf4b65f519b..19f9eda8997530489bc499908d1934488d740b5e 100644 (file)
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -7,6 +7,7 @@
  * 30 May 2002:        Cleanup, Robert M. Love <rml@tech9.net>
  */
 
+#include <linux/audit.h>
 #include <linux/capability.h>
 #include <linux/mm.h>
 #include <linux/module.h>
@@ -468,6 +469,10 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data)
                i++;
        }
 
+       ret = audit_log_capset(pid, &effective, &inheritable, &permitted);
+       if (ret)
+               return ret;
+
        if (pid && (pid != task_pid_vnr(current)))
                ret = do_sys_capset_other_tasks(pid, &effective, &inheritable,
                                                &permitted);