authorAmy Griffis <amy.griffis@hp.com>2006-06-08 23:19:31 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2006-06-20 05:25:28 -0400
commit9c937dcc71021f2dbf78f904f03d962dd9bcc130 (patch)
tree6ab53c1cf1235515307d521cecc4f76afa34e137 /include/linux
parent6a2bceec0ea7fdc47aef9a3f2f771c201eaabe5d (diff)
[PATCH] log more info for directory entry change events
When an audit event involves changes to a directory entry, include a PATH record for the directory itself. A few other notable changes: - fixed audit_inode_child() hooks in fsnotify_move() - removed unused flags arg from audit_inode() - added audit log routines for logging a portion of a string Here's some sample output. before patch: type=SYSCALL msg=audit(1149821605.320:26): arch=40000003 syscall=39 success=yes exit=0 a0=bf8d3c7c a1=1ff a2=804e1b8 a3=bf8d3c7c items=1 ppid=739 pid=800 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 comm="mkdir" exe="/bin/mkdir" subj=root:system_r:unconfined_t:s0-s0:c0.c255 type=CWD msg=audit(1149821605.320:26): cwd="/root" type=PATH msg=audit(1149821605.320:26): item=0 name="foo" parent=164068 inode=164010 dev=03:00 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=root:object_r:user_home_t:s0 after patch: type=SYSCALL msg=audit(1149822032.332:24): arch=40000003 syscall=39 success=yes exit=0 a0=bfdd9c7c a1=1ff a2=804e1b8 a3=bfdd9c7c items=2 ppid=714 pid=777 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 comm="mkdir" exe="/bin/mkdir" subj=root:system_r:unconfined_t:s0-s0:c0.c255 type=CWD msg=audit(1149822032.332:24): cwd="/root" type=PATH msg=audit(1149822032.332:24): item=0 name="/root" inode=164068 dev=03:00 mode=040750 ouid=0 ogid=0 rdev=00:00 obj=root:object_r:user_home_dir_t:s0 type=PATH msg=audit(1149822032.332:24): item=1 name="foo" inode=164010 dev=03:00 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=root:object_r:user_home_t:s0 Signed-off-by: Amy Griffis <amy.griffis@hp.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/audit.h15
-rw-r--r--include/linux/fsnotify.h3
2 files changed, 10 insertions, 8 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index c78327507f4e..e1c1dbdf9efb 100644
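--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -310,7 +310,7 @@ extern void audit_syscall_entry(int arch,
 extern void audit_syscall_exit(int failed, long return_code);
 extern void __audit_getname(const char *name);
 extern void audit_putname(const char *name);
-extern void __audit_inode(const char *name, const struct inode *inode, unsigned flags);
+extern void __audit_inode(const char *name, const struct inode *inode);
 extern void __audit_inode_child(const char *dname, const struct inode *inode,
  unsigned long pino);
 static inline void audit_getname(const char *name)
@@ -318,10 +318,9 @@ static inline void audit_getname(const char *name)
  if (unlikely(current->audit_context))
  __audit_getname(name);
 }
-static inline void audit_inode(const char *name, const struct inode *inode,
- unsigned flags) {
+static inline void audit_inode(const char *name, const struct inode *inode) {
  if (unlikely(current->audit_context))
- __audit_inode(name, inode, flags);
+ __audit_inode(name, inode);
 }
 static inline void audit_inode_child(const char *dname,
  const struct inode *inode,
@@ -398,9 +397,9 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
 #define audit_syscall_exit(f,r) do { ; } while (0)
 #define audit_getname(n) do { ; } while (0)
 #define audit_putname(n) do { ; } while (0)
-#define __audit_inode(n,i,f) do { ; } while (0)
+#define __audit_inode(n,i) do { ; } while (0)
 #define __audit_inode_child(d,i,p) do { ; } while (0)
-#define audit_inode(n,i,f) do { ; } while (0)
+#define audit_inode(n,i) do { ; } while (0)
 #define audit_inode_child(d,i,p) do { ; } while (0)
 #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
 #define audit_get_loginuid(c) ({ -1; })
@@ -435,6 +434,9 @@ extern void audit_log_hex(struct audit_buffer *ab,
  size_t len);
 extern const char * audit_log_untrustedstring(struct audit_buffer *ab,
  const char *string);
+extern const char * audit_log_n_untrustedstring(struct audit_buffer *ab,
+ size_t n,
+ const char *string);
 extern void audit_log_d_path(struct audit_buffer *ab,
  const char *prefix,
  struct dentry *dentry,
@@ -452,6 +454,7 @@ extern int audit_receive_filter(int type, int pid, int uid, int seq,
 #define audit_log_end(b) do { ; } while (0)
 #define audit_log_hex(a,b,l) do { ; } while (0)
 #define audit_log_untrustedstring(a,s) do { ; } while (0)
+#define audit_log_n_untrustedstring(a,n,s) do { ; } while (0)
 #define audit_log_d_path(b,p,d,v) do { ; } while (0)
 #endif
 #endif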
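Review bot: The new `audit_log_n_untrustedstring()` prototype has no comment saying what `n` bounds, and it takes the length before the pointer while `audit_log_hex()` just above it takes `len` last. For a routine that formats untrusted data into the audit log the caller contract should be written down; I would add above the declaration something like `/* log at most n bytes of string, escaped like audit_log_untrustedstring(); string need not be NUL-terminated */`, adjusted to what the implementation (not visible in this header) actually guarantees. Separately, the no-op stub added in the last hunk expands to a `do { ; } while (0)` statement although the real function returns `const char *`, so a caller that uses the return value would only compile when the real function is built.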
diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
index a9d30442448f..cc5dec70c32c 100644
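--- a/include/linux/fsnotify.h
+++ b/include/linux/fsnotify.h
@@ -67,8 +67,7 @@ static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir,
  if (source) {
  inotify_inode_queue_event(source, IN_MOVE_SELF, 0, NULL, NULL);
  }
- audit_inode_child(old_name, source, old_dir->i_ino);
- audit_inode_child(new_name, target, new_dir->i_ino);
+ audit_inode_child(new_name, source, new_dir->i_ino);
 }
 
 /*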
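Review bot: After this change the audit hook in `fsnotify_move()` no longer passes `old_name`/`old_dir->i_ino` or `target` to the audit code, so judging by this hunk alone a rename that replaces an existing file leaves no child record for the overwritten inode or for the old directory entry. If those are recorded by another hook (not visible here), a comment should say so, e.g. `/* old entry and any replaced target are audited at <hook to be named by the author>; record only the moved inode under its new parent */`. The call also sits after the `if (source)` block closes, so `source` may be NULL when it reaches `audit_inode_child()`; whether the callee tolerates that is not visible. The body of `fsnotify_move()` starts above the hunk.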