Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/audit.c | 20 | ||||
| -rw-r--r-- | kernel/audit_watch.c | 2 | ||||
| -rw-r--r-- | kernel/auditfilter.c | 7 | ||||
| -rw-r--r-- | kernel/auditsc.c | 20 |
4 files changed, 26 insertions, 23 deletions
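--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -265,7 +265,7 @@ void audit_log_lost(const char *message)
 }
 
 static int audit_log_config_change(char *function_name, int new, int old,
-uid_t loginuid, u32 sessionid, u32 sid,
+kuid_t loginuid, u32 sessionid, u32 sid,
 int allow_changes)
 {
 struct audit_buffer *ab;
@@ -273,7 +273,7 @@ static int audit_log_config_change(char *function_name, int new, int old,
 
 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
 audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new,
-old, loginuid, sessionid);
+old, from_kuid(&init_user_ns, loginuid), sessionid);
 if (sid) {
 char *ctx = NULL;
 u32 len;
@@ -293,7 +293,7 @@ static int audit_log_config_change(char *function_name, int new, int old,
 }
 
 static int audit_do_config_change(char *function_name, int *to_change,
-int new, uid_t loginuid, u32 sessionid,
+int new, kuid_t loginuid, u32 sessionid,
 u32 sid)
 {
 int allow_changes, rc = 0, old = *to_change;
@@ -320,21 +320,21 @@ static int audit_do_config_change(char *function_name, int *to_change,
 return rc;
 }
 
-static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sessionid,
+static int audit_set_rate_limit(int limit, kuid_t loginuid, u32 sessionid,
 u32 sid)
 {
 return audit_do_config_change("audit_rate_limit", &audit_rate_limit,
 limit, loginuid, sessionid, sid);
 }
 
-static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sessionid,
+static int audit_set_backlog_limit(int limit, kuid_t loginuid, u32 sessionid,
 u32 sid)
 {
 return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit,
 limit, loginuid, sessionid, sid);
 }
 
-static int audit_set_enabled(int state, uid_t loginuid, u32 sessionid, u32 sid)
+static int audit_set_enabled(int state, kuid_t loginuid, u32 sessionid, u32 sid)
 {
 int rc;
 if (state < AUDIT_OFF || state > AUDIT_LOCKED)
@@ -349,7 +349,7 @@ static int audit_set_enabled(int state, uid_t loginuid, u32 sessionid, u32 sid)
 return rc;
 }
 
-static int audit_set_failure(int state, uid_t loginuid, u32 sessionid, u32 sid)
+static int audit_set_failure(int state, kuid_t loginuid, u32 sessionid, u32 sid)
 {
 if (state != AUDIT_FAIL_SILENT
 && state != AUDIT_FAIL_PRINTK
@@ -607,7 +607,7 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
 }
 
 static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
-uid_t auid, u32 ses, u32 sid)
+kuid_t auid, u32 ses, u32 sid)
 {
 int rc = 0;
 char *ctx = NULL;
@@ -622,7 +622,7 @@ static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
 audit_log_format(*ab, "pid=%d uid=%u auid=%u ses=%u",
 task_tgid_vnr(current),
 from_kuid(&init_user_ns, current_uid()),
-auid, ses);
+from_kuid(&init_user_ns, auid), ses);
 if (sid) {
 rc = security_secid_to_secctx(sid, &ctx, &len);
 if (rc)
@@ -644,7 +644,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 int err;
 struct audit_buffer *ab;
 u16 msg_type = nlh->nlmsg_type;
-uid_t loginuid; /* loginuid of sender */
+kuid_t loginuid; /* loginuid of sender */
 u32 sessionid;
 struct audit_sig_info *sig_data;
 char *ctx = NULL;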
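Review bot: The `auid=%u` records written by audit_log_config_change (line 276) and audit_log_common_recv_msg (line 625) keep their previous wire meaning only because `from_kuid()` yields (uid_t)-1 for a kuid with no mapping, which is what an unset (INVALID_UID) loginuid is in init_user_ns; nothing in these hunks records that dependency, and the same pattern recurs in kernel/audit_watch.c, kernel/auditfilter.c and kernel/auditsc.c. Userspace audit tooling generally treats the literal `auid=4294967295` as "unset", so a later switch to `from_kuid_munged()` (which substitutes overflowuid) would silently change the record format without any compiler complaint. I would add a comment at the first use: `/* from_kuid(), not from_kuid_munged(): an unset loginuid must keep logging as auid=4294967295 (-1) */`. Both function bodies continue outside their hunks.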
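--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -241,7 +241,7 @@ static void audit_watch_log_rule_change(struct audit_krule *r, struct audit_watc
 struct audit_buffer *ab;
 ab = audit_log_start(NULL, GFP_NOFS, AUDIT_CONFIG_CHANGE);
 audit_log_format(ab, "auid=%u ses=%u op=",
-audit_get_loginuid(current),
+from_kuid(&init_user_ns, audit_get_loginuid(current)),
 audit_get_sessionid(current));
 audit_log_string(ab, op);
 audit_log_format(ab, " path=");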
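--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1109,7 +1109,7 @@ static void audit_list_rules(int pid, int seq, struct sk_buff_head *q)
 }
 
 /* Log rule additions and removals */
-static void audit_log_rule_change(uid_t loginuid, u32 sessionid, u32 sid,
+static void audit_log_rule_change(kuid_t loginuid, u32 sessionid, u32 sid,
 char *action, struct audit_krule *rule,
 int res)
 {
@@ -1121,7 +1121,8 @@ static void audit_log_rule_change(uid_t loginuid, u32 sessionid, u32 sid,
 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
 if (!ab)
 return;
-audit_log_format(ab, "auid=%u ses=%u", loginuid, sessionid);
+audit_log_format(ab, "auid=%u ses=%u",
+from_kuid(&init_user_ns, loginuid), sessionid);
 if (sid) {
 char *ctx = NULL;
 u32 len;
@@ -1152,7 +1153,7 @@ static void audit_log_rule_change(uid_t loginuid, u32 sessionid, u32 sid,
 * @sid: SE Linux Security ID of sender
 */
 int audit_receive_filter(int type, int pid, int seq, void *data,
-size_t datasz, uid_t loginuid, u32 sessionid, u32 sid)
+size_t datasz, kuid_t loginuid, u32 sessionid, u32 sid)
 {
 struct task_struct *tsk;
 struct audit_netlink_list *dest;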
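Review bot: The kerneldoc block for audit_receive_filter is cut by the hunk at 1152 (only `@sid` is visible), and the `@loginuid` line above it is not updated by this commit although the parameter type changes to kuid_t at 1156. If that line still reads as a plain "loginuid of sender", it should say the value is a kernel-internal kuid_t that is only mapped with `from_kuid(&init_user_ns, …)` when logged, e.g. ` * @loginuid: loginuid (kuid_t) of sender`. The bodies of audit_log_rule_change and audit_receive_filter continue outside these hunks.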
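--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -149,7 +149,7 @@ struct audit_aux_data_execve {
 struct audit_aux_data_pids {
 struct audit_aux_data d;
 pid_t target_pid[AUDIT_AUX_PIDS];
-uid_t target_auid[AUDIT_AUX_PIDS];
+kuid_t target_auid[AUDIT_AUX_PIDS];
 uid_t target_uid[AUDIT_AUX_PIDS];
 unsigned int target_sessionid[AUDIT_AUX_PIDS];
 u32 target_sid[AUDIT_AUX_PIDS];
@@ -214,7 +214,7 @@ struct audit_context {
 int arch;
 
 pid_t target_pid;
-uid_t target_auid;
+kuid_t target_auid;
 uid_t target_uid;
 unsigned int target_sessionid;
 u32 target_sid;
@@ -1176,7 +1176,7 @@ static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk
 }
 
 static int audit_log_pid_context(struct audit_context *context, pid_t pid,
-uid_t auid, uid_t uid, unsigned int sessionid,
+kuid_t auid, uid_t uid, unsigned int sessionid,
 u32 sid, char *comm)
 {
 struct audit_buffer *ab;
@@ -1188,7 +1188,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
 if (!ab)
 return rc;
 
-audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, auid,
+audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid,
+from_kuid(&init_user_ns, auid),
 uid, sessionid);
 if (security_secid_to_secctx(sid, &ctx, &len)) {
 audit_log_format(ab, " obj=(none)");
@@ -1630,7 +1631,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
 context->name_count,
 context->ppid,
 context->pid,
-tsk->loginuid,
+from_kuid(&init_user_ns, tsk->loginuid),
 context->uid,
 context->gid,
 context->euid, context->suid, context->fsuid,
@@ -2291,14 +2292,14 @@ static atomic_t session_id = ATOMIC_INIT(0);
 *
 * Called (set) from fs/proc/base.c::proc_loginuid_write().
 */
-int audit_set_loginuid(uid_t loginuid)
+int audit_set_loginuid(kuid_t loginuid)
 {
 struct task_struct *task = current;
 struct audit_context *context = task->audit_context;
 unsigned int sessionid;
 
 #ifdef CONFIG_AUDIT_LOGINUID_IMMUTABLE
-if (task->loginuid != -1)
+if (uid_valid(task->loginuid))
 return -EPERM;
 #else /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */
 if (!capable(CAP_AUDIT_CONTROL))
@@ -2315,7 +2316,8 @@ int audit_set_loginuid(uid_t loginuid)
 "old auid=%u new auid=%u"
 " old ses=%u new ses=%u",
 task->pid, task_uid(task),
-task->loginuid, loginuid,
+from_kuid(&init_user_ns, task->loginuid),
+from_kuid(&init_user_ns, loginuid),
 task->sessionid, sessionid);
 audit_log_end(ab);
 }
@@ -2543,7 +2545,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
 if (audit_pid && t->tgid == audit_pid) {
 if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2) {
 audit_sig_pid = tsk->pid;
-if (tsk->loginuid != -1)
+if (uid_valid(tsk->loginuid))
 audit_sig_uid = tsk->loginuid;
 else
 audit_sig_uid = uid;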
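Review bot: In audit_log_pid_context the new `from_kuid(&init_user_ns, auid)` argument at 1192 is still printed through `oauid=%d`, while every other hunk in this commit prints the same mapped value with `%u`; from_kuid() returns an unsigned uid_t, so an unset loginuid would show as `oauid=-1` here and `auid=4294967295` everywhere else. Changing the format to `"opid=%d oauid=%u ouid=%u oses=%u"` makes the record consistent (`uid` is a uid_t and `sessionid` an `unsigned int`, so both are unsigned too). Separately, in audit_set_loginuid the unchanged `task_uid(task)` at 2318 is passed straight to a `%u` conversion beside two new from_kuid() calls; this tree already wraps `current_uid()` in `from_kuid(&init_user_ns, …)` in kernel/audit.c, so if task_uid() likewise returns kuid_t that argument should become `from_kuid(&init_user_ns, task_uid(task)),` as well. Both function bodies continue outside their hunks.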
