Merge git://git.infradead.org/users/eparis/audit

Pull audit updates from Eric Paris:
 "Nothing amazing.  Formatting, small bug fixes, couple of fixes where
  we didn't get records due to some old VFS changes, and a change to how
  we collect execve info..."

Fixed conflict in fs/exec.c as per Eric and linux-next.

* git://git.infradead.org/users/eparis/audit: (28 commits)
  audit: fix type of sessionid in audit_set_loginuid()
  audit: call audit_bprm() only once to add AUDIT_EXECVE information
  audit: move audit_aux_data_execve contents into audit_context union
  audit: remove unused envc member of audit_aux_data_execve
  audit: Kill the unused struct audit_aux_data_capset
  audit: do not reject all AUDIT_INODE filter types
  audit: suppress stock memalloc failure warnings since already managed
  audit: log the audit_names record type
  audit: add child record before the create to handle case where create fails
  audit: use given values in tty_audit enable api
  audit: use nlmsg_len() to get message payload length
  audit: use memset instead of trying to initialize field by field
  audit: fix info leak in AUDIT_GET requests
  audit: update AUDIT_INODE filter rule to comparator function
  audit: audit feature to set loginuid immutable
  audit: audit feature to only allow unsetting the loginuid
  audit: allow unsetting the loginuid (with priv)
  audit: remove CONFIG_AUDIT_LOGINUID_IMMUTABLE
  audit: loginuid functions coding style
  selinux: apply selinux checks on new audit message types
  ...

3 files changed, 12 insertions, 8 deletions

diff --git a/fs/exec.c b/fs/exec.c
index 977319fd77f3..7ea097f6b341 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1380,10 +1380,6 @@ int search_binary_handler(struct linux_binprm *bprm)
         if (retval)
                 return retval;
 
-        retval = audit_bprm(bprm);
-        if (retval)
-                return retval;
-
         retval = -ENOENT;
  retry:
         read_lock(&binfmt_lock);
@@ -1431,6 +1427,7 @@ static int exec_binprm(struct linux_binprm *bprm)
 
         ret = search_binary_handler(bprm);
         if (ret >= 0) {
+                audit_bprm(bprm);
                 trace_sched_process_exec(current, old_pid, bprm);
                 ptrace_event(PTRACE_EVENT_EXEC, old_vpid);
                 current->did_exec = 1;
diff --git a/fs/namei.c b/fs/namei.c
index e029a4cbff7d..8f77a8cea289 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2435,6 +2435,7 @@ static int may_delete(struct inode *dir, struct dentry *victim, bool isdir)
  */
 static inline int may_create(struct inode *dir, struct dentry *child)
 {
+        audit_inode_child(dir, child, AUDIT_TYPE_CHILD_CREATE);
         if (child->d_inode)
                 return -EEXIST;
         if (IS_DEADDIR(dir))
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 1485e38daaa3..03c8d747be48 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1151,10 +1151,16 @@ static ssize_t proc_loginuid_write(struct file * file, const char __user * buf,
                 goto out_free_page;
 
         }
-        kloginuid = make_kuid(file->f_cred->user_ns, loginuid);
-        if (!uid_valid(kloginuid)) {
-                length = -EINVAL;
-                goto out_free_page;
+
+        /* is userspace tring to explicitly UNSET the loginuid? */
+        if (loginuid == AUDIT_UID_UNSET) {
+                kloginuid = INVALID_UID;
+        } else {
+                kloginuid = make_kuid(file->f_cred->user_ns, loginuid);
+                if (!uid_valid(kloginuid)) {
+                        length = -EINVAL;
+                        goto out_free_page;
+                }
         }
 
         length = audit_set_loginuid(kloginuid);