diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2012-09-11 01:39:43 -0400 |
|---|---|---|
| committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-09-17 21:08:54 -0400 |
| commit | e1760bd5ffae8cb98cffb030ee8e631eba28f3d8 (patch) | |
| tree | 4694a60b407c418bf7de4b97355dc3bd0e6c6559 /drivers/tty/tty_audit.c | |
| parent | ca57ec0f00c3f139c41bf6b0a5b9bcc95bbb2ad7 (diff) | |
userns: Convert the audit loginuid to be a kuid
Always store audit loginuids in type kuid_t.
Print loginuids by converting them into uids in the appropriate user
namespace, and then printing the resulting uid.
Modify audit_get_loginuid to return a kuid_t.
Modify audit_set_loginuid to take a kuid_t.
Modify /proc/<pid>/loginuid on read to convert the loginuid into the
user namespace of the opener of the file.
Modify /proc/<pid>/loginud on write to convert the loginuid
rom the user namespace of the opener of the file.
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric Paris <eparis@redhat.com>
Cc: Paul Moore <paul@paul-moore.com> ?
Cc: David Miller <davem@davemloft.net>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'drivers/tty/tty_audit.c')
| -rw-r--r-- | drivers/tty/tty_audit.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c index 7c5866920622..5b59bd7f4227 100644 --- a/drivers/tty/tty_audit.c +++ b/drivers/tty/tty_audit.c | |||
| @@ -61,7 +61,7 @@ static void tty_audit_buf_put(struct tty_audit_buf *buf) | |||
| 61 | } | 61 | } |
| 62 | 62 | ||
| 63 | static void tty_audit_log(const char *description, struct task_struct *tsk, | 63 | static void tty_audit_log(const char *description, struct task_struct *tsk, |
| 64 | uid_t loginuid, unsigned sessionid, int major, | 64 | kuid_t loginuid, unsigned sessionid, int major, |
| 65 | int minor, unsigned char *data, size_t size) | 65 | int minor, unsigned char *data, size_t size) |
| 66 | { | 66 | { |
| 67 | struct audit_buffer *ab; | 67 | struct audit_buffer *ab; |
| @@ -73,7 +73,9 @@ static void tty_audit_log(const char *description, struct task_struct *tsk, | |||
| 73 | 73 | ||
| 74 | audit_log_format(ab, "%s pid=%u uid=%u auid=%u ses=%u " | 74 | audit_log_format(ab, "%s pid=%u uid=%u auid=%u ses=%u " |
| 75 | "major=%d minor=%d comm=", description, | 75 | "major=%d minor=%d comm=", description, |
| 76 | tsk->pid, uid, loginuid, sessionid, | 76 | tsk->pid, uid, |
| 77 | from_kuid(&init_user_ns, loginuid), | ||
| 78 | sessionid, | ||
| 77 | major, minor); | 79 | major, minor); |
| 78 | get_task_comm(name, tsk); | 80 | get_task_comm(name, tsk); |
| 79 | audit_log_untrustedstring(ab, name); | 81 | audit_log_untrustedstring(ab, name); |
| @@ -89,7 +91,7 @@ static void tty_audit_log(const char *description, struct task_struct *tsk, | |||
| 89 | * Generate an audit message from the contents of @buf, which is owned by | 91 | * Generate an audit message from the contents of @buf, which is owned by |
| 90 | * @tsk with @loginuid. @buf->mutex must be locked. | 92 | * @tsk with @loginuid. @buf->mutex must be locked. |
| 91 | */ | 93 | */ |
| 92 | static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid, | 94 | static void tty_audit_buf_push(struct task_struct *tsk, kuid_t loginuid, |
| 93 | unsigned int sessionid, | 95 | unsigned int sessionid, |
| 94 | struct tty_audit_buf *buf) | 96 | struct tty_audit_buf *buf) |
| 95 | { | 97 | { |
| @@ -112,7 +114,7 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid, | |||
| 112 | */ | 114 | */ |
| 113 | static void tty_audit_buf_push_current(struct tty_audit_buf *buf) | 115 | static void tty_audit_buf_push_current(struct tty_audit_buf *buf) |
| 114 | { | 116 | { |
| 115 | uid_t auid = audit_get_loginuid(current); | 117 | kuid_t auid = audit_get_loginuid(current); |
| 116 | unsigned int sessionid = audit_get_sessionid(current); | 118 | unsigned int sessionid = audit_get_sessionid(current); |
| 117 | tty_audit_buf_push(current, auid, sessionid, buf); | 119 | tty_audit_buf_push(current, auid, sessionid, buf); |
| 118 | } | 120 | } |
| @@ -179,7 +181,7 @@ void tty_audit_tiocsti(struct tty_struct *tty, char ch) | |||
| 179 | } | 181 | } |
| 180 | 182 | ||
| 181 | if (should_audit && audit_enabled) { | 183 | if (should_audit && audit_enabled) { |
| 182 | uid_t auid; | 184 | kuid_t auid; |
| 183 | unsigned int sessionid; | 185 | unsigned int sessionid; |
| 184 | 186 | ||
| 185 | auid = audit_get_loginuid(current); | 187 | auid = audit_get_loginuid(current); |
| @@ -199,7 +201,7 @@ void tty_audit_tiocsti(struct tty_struct *tty, char ch) | |||
| 199 | * reference to the tty audit buffer if available. | 201 | * reference to the tty audit buffer if available. |
| 200 | * Flush the buffer or return an appropriate error code. | 202 | * Flush the buffer or return an appropriate error code. |
| 201 | */ | 203 | */ |
| 202 | int tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid) | 204 | int tty_audit_push_task(struct task_struct *tsk, kuid_t loginuid, u32 sessionid) |
| 203 | { | 205 | { |
| 204 | struct tty_audit_buf *buf = ERR_PTR(-EPERM); | 206 | struct tty_audit_buf *buf = ERR_PTR(-EPERM); |
| 205 | unsigned long flags; | 207 | unsigned long flags; |