userns: Convert the audit loginuid to be a kuid

Always store audit loginuids in type kuid_t. Print loginuids by converting them into uids in the appropriate user namespace, and then printing the resulting uid. Modify audit_get_loginuid to return a kuid_t. Modify audit_set_loginuid to take a kuid_t. Modify /proc/<pid>/loginuid on read to convert the loginuid into the user namespace of the opener of the file. Modify /proc/<pid>/loginud on write to convert the loginuid rom the user namespace of the opener of the file. Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Eric Paris <eparis@redhat.com> Cc: Paul Moore <paul@paul-moore.com> ? Cc: David Miller <davem@davemloft.net> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2012-09-11 01:39:43 -0400
committer: Eric W. Biederman <ebiederm@xmission.com> 2012-09-17 21:08:54 -0400
commit: e1760bd5ffae8cb98cffb030ee8e631eba28f3d8 (patch)
tree: 4694a60b407c418bf7de4b97355dc3bd0e6c6559 /include/linux
parent: ca57ec0f00c3f139c41bf6b0a5b9bcc95bbb2ad7 (diff)
4 files changed, 7 insertions, 7 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index ca019bb74da3..12367cbadfe1 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -527,7 +527,7 @@ static inline void audit_ptrace(struct task_struct *t)
 extern unsigned int audit_serial(void);
 extern int auditsc_get_stamp(struct audit_context *ctx,
                              struct timespec *t, unsigned int *serial);
-extern int  audit_set_loginuid(uid_t loginuid);
+extern int  audit_set_loginuid(kuid_t loginuid);
 #define audit_get_loginuid(t) ((t)->loginuid)
 #define audit_get_sessionid(t) ((t)->sessionid)
 extern void audit_log_task_context(struct audit_buffer *ab);
@@ -639,7 +639,7 @@ extern int audit_signals;
 #define audit_core_dumps(i) do { ; } while (0)
 #define audit_seccomp(i,s,c) do { ; } while (0)
 #define auditsc_get_stamp(c,t,s) (0)
-#define audit_get_loginuid(t) (-1)
+#define audit_get_loginuid(t) (INVALID_UID)
 #define audit_get_sessionid(t) (-1)
 #define audit_log_task_context(b) do { ; } while (0)
 #define audit_ipc_obj(i) ((void)0)
@@ -705,7 +705,7 @@ extern int		    audit_update_lsm_rules(void);
 extern int audit_filter_user(void);
 extern int audit_filter_type(int type);
 extern int  audit_receive_filter(int type, int pid, int seq,
-                                void *data, size_t datasz, uid_t loginuid,
+                                void *data, size_t datasz, kuid_t loginuid,
                                u32 sessionid, u32 sid);
 extern int audit_enabled;
 #else
diff --git a/include/linux/init_task.h b/include/linux/init_task.h
index 89f1cb1056f0..6d087c5f57f7 100644
--- a/include/linux/init_task.h
+++ b/include/linux/init_task.h
@@ -92,7 +92,7 @@ extern struct group_info init_groups;
 #ifdef CONFIG_AUDITSYSCALL
 #define INIT_IDS \
-        .loginuid = -1, \
+        .loginuid = INVALID_UID, \
        .sessionid = -1,
 #else
 #define INIT_IDS
diff --git a/include/linux/sched.h b/include/linux/sched.h
index c147e7024f11..f64d092f2bed 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -1426,7 +1426,7 @@ struct task_struct {
        struct audit_context *audit_context;
 #ifdef CONFIG_AUDITSYSCALL
-        uid_t loginuid;
+        kuid_t loginuid;
        unsigned int sessionid;
 #endif
        struct seccomp seccomp;
diff --git a/include/linux/tty.h b/include/linux/tty.h
index 9f47ab540f65..7298385815e6 100644
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
@@ -553,7 +553,7 @@ extern void tty_audit_fork(struct signal_struct *sig);
 extern void tty_audit_tiocsti(struct tty_struct *tty, char ch);
 extern void tty_audit_push(struct tty_struct *tty);
 extern int tty_audit_push_task(struct task_struct *tsk,
-                               uid_t loginuid, u32 sessionid);
+                               kuid_t loginuid, u32 sessionid);
 #else
 static inline void tty_audit_add_data(struct tty_struct *tty,
                                      unsigned char *data, size_t size)
@@ -572,7 +572,7 @@ static inline void tty_audit_push(struct tty_struct *tty)
 {
 }
 static inline int tty_audit_push_task(struct task_struct *tsk,
-                                      uid_t loginuid, u32 sessionid)
+                                      kuid_t loginuid, u32 sessionid)
 {
        return 0;
 }
author	Eric W. Biederman <ebiederm@xmission.com>	2012-09-11 01:39:43 -0400
committer	Eric W. Biederman <ebiederm@xmission.com>	2012-09-17 21:08:54 -0400
commit	e1760bd5ffae8cb98cffb030ee8e631eba28f3d8 (patch)
tree	4694a60b407c418bf7de4b97355dc3bd0e6c6559 /include/linux
parent	ca57ec0f00c3f139c41bf6b0a5b9bcc95bbb2ad7 (diff)

diff --git a/include/linux/audit.h b/include/linux/audit.h index ca019bb74da3..12367cbadfe1 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h
@@ -527,7 +527,7 @@ static inline void audit_ptrace(struct task_struct *t)
527	extern unsigned int audit_serial(void);	527	extern unsigned int audit_serial(void);
528	extern int auditsc_get_stamp(struct audit_context *ctx,	528	extern int auditsc_get_stamp(struct audit_context *ctx,
529	struct timespec t, unsigned int serial);	529	struct timespec t, unsigned int serial);
530	extern int audit_set_loginuid(uid_t loginuid);	530	extern int audit_set_loginuid(kuid_t loginuid);
531	#define audit_get_loginuid(t) ((t)->loginuid)	531	#define audit_get_loginuid(t) ((t)->loginuid)
532	#define audit_get_sessionid(t) ((t)->sessionid)	532	#define audit_get_sessionid(t) ((t)->sessionid)
533	extern void audit_log_task_context(struct audit_buffer *ab);	533	extern void audit_log_task_context(struct audit_buffer *ab);
@@ -639,7 +639,7 @@ extern int audit_signals;
639	#define audit_core_dumps(i) do { ; } while (0)	639	#define audit_core_dumps(i) do { ; } while (0)
640	#define audit_seccomp(i,s,c) do { ; } while (0)	640	#define audit_seccomp(i,s,c) do { ; } while (0)
641	#define auditsc_get_stamp(c,t,s) (0)	641	#define auditsc_get_stamp(c,t,s) (0)
642	#define audit_get_loginuid(t) (-1)	642	#define audit_get_loginuid(t) (INVALID_UID)
643	#define audit_get_sessionid(t) (-1)	643	#define audit_get_sessionid(t) (-1)
644	#define audit_log_task_context(b) do { ; } while (0)	644	#define audit_log_task_context(b) do { ; } while (0)
645	#define audit_ipc_obj(i) ((void)0)	645	#define audit_ipc_obj(i) ((void)0)
@@ -705,7 +705,7 @@ extern int audit_update_lsm_rules(void);
705	extern int audit_filter_user(void);	705	extern int audit_filter_user(void);
706	extern int audit_filter_type(int type);	706	extern int audit_filter_type(int type);
707	extern int audit_receive_filter(int type, int pid, int seq,	707	extern int audit_receive_filter(int type, int pid, int seq,
708	void *data, size_t datasz, uid_t loginuid,	708	void *data, size_t datasz, kuid_t loginuid,
709	u32 sessionid, u32 sid);	709	u32 sessionid, u32 sid);
710	extern int audit_enabled;	710	extern int audit_enabled;
711	#else	711	#else


diff --git a/include/linux/init_task.h b/include/linux/init_task.h index 89f1cb1056f0..6d087c5f57f7 100644 --- a/include/linux/init_task.h +++ b/include/linux/init_task.h
@@ -92,7 +92,7 @@ extern struct group_info init_groups;
92		92
93	#ifdef CONFIG_AUDITSYSCALL	93	#ifdef CONFIG_AUDITSYSCALL
94	#define INIT_IDS \	94	#define INIT_IDS \
95	.loginuid = -1, \	95	.loginuid = INVALID_UID, \
96	.sessionid = -1,	96	.sessionid = -1,
97	#else	97	#else
98	#define INIT_IDS	98	#define INIT_IDS


diff --git a/include/linux/sched.h b/include/linux/sched.h index c147e7024f11..f64d092f2bed 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h
@@ -1426,7 +1426,7 @@ struct task_struct {
1426		1426
1427	struct audit_context *audit_context;	1427	struct audit_context *audit_context;
1428	#ifdef CONFIG_AUDITSYSCALL	1428	#ifdef CONFIG_AUDITSYSCALL
1429	uid_t loginuid;	1429	kuid_t loginuid;
1430	unsigned int sessionid;	1430	unsigned int sessionid;
1431	#endif	1431	#endif
1432	struct seccomp seccomp;	1432	struct seccomp seccomp;


diff --git a/include/linux/tty.h b/include/linux/tty.h index 9f47ab540f65..7298385815e6 100644 --- a/include/linux/tty.h +++ b/include/linux/tty.h
@@ -553,7 +553,7 @@ extern void tty_audit_fork(struct signal_struct *sig);
553	extern void tty_audit_tiocsti(struct tty_struct *tty, char ch);	553	extern void tty_audit_tiocsti(struct tty_struct *tty, char ch);
554	extern void tty_audit_push(struct tty_struct *tty);	554	extern void tty_audit_push(struct tty_struct *tty);
555	extern int tty_audit_push_task(struct task_struct *tsk,	555	extern int tty_audit_push_task(struct task_struct *tsk,
556	uid_t loginuid, u32 sessionid);	556	kuid_t loginuid, u32 sessionid);
557	#else	557	#else
558	static inline void tty_audit_add_data(struct tty_struct *tty,	558	static inline void tty_audit_add_data(struct tty_struct *tty,
559	unsigned char *data, size_t size)	559	unsigned char *data, size_t size)
@@ -572,7 +572,7 @@ static inline void tty_audit_push(struct tty_struct *tty)
572	{	572	{
573	}	573	}
574	static inline int tty_audit_push_task(struct task_struct *tsk,	574	static inline int tty_audit_push_task(struct task_struct *tsk,
575	uid_t loginuid, u32 sessionid)	575	kuid_t loginuid, u32 sessionid)
576	{	576	{
577	return 0;	577	return 0;
578	}	578	}