authorAmy Griffis <amy.griffis@hp.com>2005-11-03 11:00:25 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2006-03-20 14:08:53 -0500
commit73241ccca0f7786933f1d31b3d86f2456549953a (patch)
treedaa7efabfb7aa2f511a467606786820949e8763e /fs
parentf38aa94224c5517a40ba56d453779f70d3229803 (diff)
[PATCH] Collect more inode information during syscall processing.
This patch augments the collection of inode info during syscall processing. It represents part of the functionality that was provided by the auditfs patch included in RHEL4. Specifically, it: - Collects information for target inodes created or removed during syscalls. Previous code only collects information for the target inode's parent. - Adds the audit_inode() hook to syscalls that operate on a file descriptor (e.g. fchown), enabling audit to do inode filtering for these calls. - Modifies filtering code to check audit context for either an inode # or a parent inode # matching a given rule. - Modifies logging to provide inode # for both parent and child. - Protect debug info from NULL audit_names.name. [AV: folded a later typo fix from the same author] Signed-off-by: Amy Griffis <amy.griffis@hp.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs')
-rw-r--r--fs/namei.c1
-rw-r--r--fs/open.c8
-rw-r--r--fs/xattr.c11
3 files changed, 17 insertions, 3 deletions
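diff --git a/fs/namei.c b/fs/namei.c
index f6619af9e957..51cfc9c3ed00 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1353,6 +1353,7 @@ static int may_delete(struct inode *dir,struct dentry *victim,int isdir)
  return -ENOENT;
 
  BUG_ON(victim->d_parent->d_inode != dir);
+ audit_inode_child(victim->d_name.name, victim->d_inode, dir->i_ino);
 
  error = permission(dir,MAY_WRITE | MAY_EXEC, NULL);
  if (error)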
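Review bot: The new `audit_inode_child()` call in may_delete() sits ahead of the `permission()` check with no comment saying that this ordering is deliberate. Collecting the victim's inode before the permission test looks intended, so that a denied unlink or rmdir still carries the target inode in the audit context; a later reorder would silently drop that evidence. I would add `/* collect victim inode before permission() so denied deletes are still audited */` above the call. The call also dereferences `victim->d_inode`, which is presumably guarded by the `-ENOENT` return just above, but that test and the rest of may_delete() lie outside the hunk.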
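diff --git a/fs/open.c b/fs/open.c
index 70e0230d8e77..70510004d06e 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -27,6 +27,7 @@
 #include <linux/pagemap.h>
 #include <linux/syscalls.h>
 #include <linux/rcupdate.h>
+#include <linux/audit.h>
 
 #include <asm/unistd.h>
 
@@ -626,6 +627,8 @@ asmlinkage long sys_fchmod(unsigned int fd, mode_t mode)
  dentry = file->f_dentry;
  inode = dentry->d_inode;
 
+ audit_inode(NULL, inode, 0);
+
  err = -EROFS;
  if (IS_RDONLY(inode))
  goto out_putf;
@@ -775,7 +778,10 @@ asmlinkage long sys_fchown(unsigned int fd, uid_t user, gid_t group)
 
  file = fget(fd);
  if (file) {
- error = chown_common(file->f_dentry, user, group);
+ struct dentry * dentry;
+ dentry = file->f_dentry;
+ audit_inode(NULL, dentry->d_inode, 0);
+ error = chown_common(dentry, user, group);
  fput(file);
  }
  return error;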
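Review bot: Both new `audit_inode(NULL, inode, 0)` calls, in sys_fchmod() and sys_fchown(), pass a NULL name and a bare `0` with no comment explaining either argument. Because these syscalls take a descriptor, the audit context gets no pathname, so rules and later investigation can only key on the inode number. That is worth stating at the call site: `/* fd-based call: no pathname, audit records the inode only */`. In sys_fchown() the declaration could also be folded and spaced like the xattr.c change, `struct dentry *dentry = file->f_dentry;`. Both function bodies extend beyond their hunks.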
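diff --git a/fs/xattr.c b/fs/xattr.c
index 80eca7d3d69f..e416190f5e9c 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -17,6 +17,7 @@
 #include <linux/syscalls.h>
 #include <linux/module.h>
 #include <linux/fsnotify.h>
+#include <linux/audit.h>
 #include <asm/uaccess.h>
 
 
@@ -234,12 +235,15 @@ sys_fsetxattr(int fd, char __user *name, void __user *value,
  size_t size, int flags)
 {
  struct file *f;
+ struct dentry *dentry;
  int error = -EBADF;
 
  f = fget(fd);
  if (!f)
  return error;
- error = setxattr(f->f_dentry, name, value, size, flags);
+ dentry = f->f_dentry;
+ audit_inode(NULL, dentry->d_inode, 0);
+ error = setxattr(dentry, name, value, size, flags);
  fput(f);
  return error;
 }
@@ -458,12 +462,15 @@ asmlinkage long
 sys_fremovexattr(int fd, char __user *name)
 {
  struct file *f;
+ struct dentry *dentry;
  int error = -EBADF;
 
  f = fget(fd);
  if (!f)
  return error;
- error = removexattr(f->f_dentry, name);
+ dentry = f->f_dentry;
+ audit_inode(NULL, dentry->d_inode, 0);
+ error = removexattr(dentry, name);
  fput(f);
  return error;
 }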
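Review bot: Only the write-side descriptor calls, sys_fsetxattr() and sys_fremovexattr(), gain an `audit_inode()` hook in this file section; no hunk touches the read-side fd-based calls. If sys_fgetxattr() and sys_flistxattr() stay unhooked, an inode-based audit rule will not match reads of extended attributes made through a descriptor, which matters where xattrs hold security labels or ACLs. I would add the same `audit_inode(NULL, dentry->d_inode, 0);` line there, or say in the commit message that read access is intentionally out of scope. This is inferred from the visible hunks only, since those functions are not shown on this page.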