author | Amy Griffis <amy.griffis@hp.com> | 2005-11-03 11:00:25 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2006-03-20 14:08:53 -0500 |
commit | 73241ccca0f7786933f1d31b3d86f2456549953a (patch) | |
tree | daa7efabfb7aa2f511a467606786820949e8763e /fs | |
parent | f38aa94224c5517a40ba56d453779f70d3229803 (diff) |
[PATCH] Collect more inode information during syscall processing.
This patch augments the collection of inode info during syscall
processing. It represents part of the functionality that was provided
by the auditfs patch included in RHEL4.
Specifically, it:
- Collects information for target inodes created or removed during
syscalls. Previous code only collects information for the target
inode's parent.
- Adds the audit_inode() hook to syscalls that operate on a file
descriptor (e.g. fchown), enabling audit to do inode filtering for
these calls.
- Modifies filtering code to check audit context for either an inode #
or a parent inode # matching a given rule.
- Modifies logging to provide inode # for both parent and child.
- Protects debug info from NULL audit_names.name.
[AV: folded a later typo fix from the same author]
Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/namei.c | 1 | ||||
-rw-r--r-- | fs/open.c | 8 | ||||
-rw-r--r-- | fs/xattr.c | 11 |
3 files changed, 17 insertions, 3 deletions
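--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1353,6 +1353,7 @@ static int may_delete(struct inode *dir,struct dentry *victim,int isdir)
 return -ENOENT;
 
 BUG_ON(victim->d_parent->d_inode != dir);
+audit_inode_child(victim->d_name.name, victim->d_inode, dir->i_ino);
 
 error = permission(dir,MAY_WRITE | MAY_EXEC, NULL);
 if (error)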
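Review bot: The new `audit_inode_child()` call in may_delete() sits ahead of the `permission(dir,MAY_WRITE | MAY_EXEC, NULL)` check, so the victim inode is collected for delete attempts that are later refused as well as for those that succeed, and nothing on the line says this ordering is intended. A short comment would keep a later cleanup from moving the hook below the permission check, e.g. `/* record the victim before the permission check so denied deletes are audited too */`. may_delete() begins and ends outside this hunk; the `return -ENOENT` just above is presumably the guard that makes `victim->d_inode` non-NULL here, which should be confirmed against the full function.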
@@ -27,6 +27,7 @@ | |||
27 | #include <linux/pagemap.h> | 27 | #include <linux/pagemap.h> |
28 | #include <linux/syscalls.h> | 28 | #include <linux/syscalls.h> |
29 | #include <linux/rcupdate.h> | 29 | #include <linux/rcupdate.h> |
30 | #include <linux/audit.h> | ||
30 | 31 | ||
31 | #include <asm/unistd.h> | 32 | #include <asm/unistd.h> |
32 | 33 | ||
@@ -626,6 +627,8 @@ asmlinkage long sys_fchmod(unsigned int fd, mode_t mode) | |||
626 | dentry = file->f_dentry; | 627 | dentry = file->f_dentry; |
627 | inode = dentry->d_inode; | 628 | inode = dentry->d_inode; |
628 | 629 | ||
630 | audit_inode(NULL, inode, 0); | ||
631 | |||
629 | err = -EROFS; | 632 | err = -EROFS; |
630 | if (IS_RDONLY(inode)) | 633 | if (IS_RDONLY(inode)) |
631 | goto out_putf; | 634 | goto out_putf; |
@@ -775,7 +778,10 @@ asmlinkage long sys_fchown(unsigned int fd, uid_t user, gid_t group) | |||
775 | 778 | ||
776 | file = fget(fd); | 779 | file = fget(fd); |
777 | if (file) { | 780 | if (file) { |
778 | error = chown_common(file->f_dentry, user, group); | 781 | struct dentry * dentry; |
782 | dentry = file->f_dentry; | ||
783 | audit_inode(NULL, dentry->d_inode, 0); | ||
784 | error = chown_common(dentry, user, group); | ||
779 | fput(file); | 785 | fput(file); |
780 | } | 786 | } |
781 | return error; | 787 | return error; |
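Review bot: The `audit_inode(NULL, inode, 0)` call added to sys_fchmod, like the same call in sys_fchown and in the two fs/xattr.c hunks, passes a NULL name and a literal 0 whose meaning cannot be read from these call sites. A one-line comment such as `/* fd-based call: no pathname to record, audit by inode only */` would document it; this matters because the commit message says the audit side had to be protected against a NULL `audit_names.name`, and that change is not part of this fs-limited diff. In sys_fchown the new local is also written `struct dentry * dentry;` and assigned on the following line, whereas fs/xattr.c uses `struct dentry *dentry;`, so `struct dentry *dentry = file->f_dentry;` would be consistent. Both functions extend outside their hunks.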
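--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -17,6 +17,7 @@
 #include <linux/syscalls.h>
 #include <linux/module.h>
 #include <linux/fsnotify.h>
+#include <linux/audit.h>
 #include <asm/uaccess.h>
 
 
@@ -234,12 +235,15 @@ sys_fsetxattr(int fd, char __user *name, void __user *value,
 size_t size, int flags)
 {
 struct file *f;
+struct dentry *dentry;
 int error = -EBADF;
 
 f = fget(fd);
 if (!f)
 return error;
-error = setxattr(f->f_dentry, name, value, size, flags);
+dentry = f->f_dentry;
+audit_inode(NULL, dentry->d_inode, 0);
+error = setxattr(dentry, name, value, size, flags);
 fput(f);
 return error;
 }
@@ -458,12 +462,15 @@ asmlinkage long
 sys_fremovexattr(int fd, char __user *name)
 {
 struct file *f;
+struct dentry *dentry;
 int error = -EBADF;
 
 f = fget(fd);
 if (!f)
 return error;
-error = removexattr(f->f_dentry, name);
+dentry = f->f_dentry;
+audit_inode(NULL, dentry->d_inode, 0);
+error = removexattr(dentry, name);
 fput(f);
 return error;
 }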
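Review bot: Only the two modifying fd-based xattr syscalls, sys_fsetxattr and sys_fremovexattr, gain the `audit_inode(NULL, dentry->d_inode, 0)` hook in this file. The 11 changed lines in the diffstat are fully accounted for by these three hunks, so the read-side counterparts in fs/xattr.c (sys_fgetxattr and sys_flistxattr) are not touched by this commit. If inode-based audit rules are expected to match reads of extended attributes, such as security labels, through a file descriptor, those two entry points need the same call after their `fget()`. If the omission is deliberate, a sentence in the commit message saying that only modifying calls are hooked would stop rule authors from assuming full coverage.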