author | Amy Griffis <amy.griffis@hp.com> | 2006-06-08 23:19:31 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2006-06-20 05:25:28 -0400 |
commit | 9c937dcc71021f2dbf78f904f03d962dd9bcc130 (patch) | |
tree | 6ab53c1cf1235515307d521cecc4f76afa34e137 /include/linux | |
parent | 6a2bceec0ea7fdc47aef9a3f2f771c201eaabe5d (diff) |
[PATCH] log more info for directory entry change events
When an audit event involves changes to a directory entry, include
a PATH record for the directory itself. A few other notable changes:
- fixed audit_inode_child() hooks in fsnotify_move()
- removed unused flags arg from audit_inode()
- added audit log routines for logging a portion of a string
Here's some sample output.
before patch:
type=SYSCALL msg=audit(1149821605.320:26): arch=40000003 syscall=39 success=yes exit=0 a0=bf8d3c7c a1=1ff a2=804e1b8 a3=bf8d3c7c items=1 ppid=739 pid=800 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 comm="mkdir" exe="/bin/mkdir" subj=root:system_r:unconfined_t:s0-s0:c0.c255
type=CWD msg=audit(1149821605.320:26): cwd="/root"
type=PATH msg=audit(1149821605.320:26): item=0 name="foo" parent=164068 inode=164010 dev=03:00 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=root:object_r:user_home_t:s0
after patch:
type=SYSCALL msg=audit(1149822032.332:24): arch=40000003 syscall=39 success=yes exit=0 a0=bfdd9c7c a1=1ff a2=804e1b8 a3=bfdd9c7c items=2 ppid=714 pid=777 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 comm="mkdir" exe="/bin/mkdir" subj=root:system_r:unconfined_t:s0-s0:c0.c255
type=CWD msg=audit(1149822032.332:24): cwd="/root"
type=PATH msg=audit(1149822032.332:24): item=0 name="/root" inode=164068 dev=03:00 mode=040750 ouid=0 ogid=0 rdev=00:00 obj=root:object_r:user_home_dir_t:s0
type=PATH msg=audit(1149822032.332:24): item=1 name="foo" inode=164010 dev=03:00 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=root:object_r:user_home_t:s0
Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/audit.h | 15 | ||||
-rw-r--r-- | include/linux/fsnotify.h | 3 |
2 files changed, 10 insertions, 8 deletions
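diff --git a/include/linux/audit.h b/include/linux/audit.h
index c78327507f4e..e1c1dbdf9efb 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -310,7 +310,7 @@ extern void audit_syscall_entry(int arch,
 extern void audit_syscall_exit(int failed, long return_code);
 extern void __audit_getname(const char *name);
 extern void audit_putname(const char *name);
-extern void __audit_inode(const char *name, const struct inode *inode, unsigned flags);
+extern void __audit_inode(const char *name, const struct inode *inode);
 extern void __audit_inode_child(const char *dname, const struct inode *inode,
 unsigned long pino);
 static inline void audit_getname(const char *name)
@@ -318,10 +318,9 @@ static inline void audit_getname(const char *name)
 if (unlikely(current->audit_context))
 __audit_getname(name);
 }
-static inline void audit_inode(const char *name, const struct inode *inode,
-unsigned flags) {
+static inline void audit_inode(const char *name, const struct inode *inode) {
 if (unlikely(current->audit_context))
-__audit_inode(name, inode, flags);
+__audit_inode(name, inode);
 }
 static inline void audit_inode_child(const char *dname,
 const struct inode *inode,
@@ -398,9 +397,9 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
 #define audit_syscall_exit(f,r) do { ; } while (0)
 #define audit_getname(n) do { ; } while (0)
 #define audit_putname(n) do { ; } while (0)
-#define __audit_inode(n,i,f) do { ; } while (0)
+#define __audit_inode(n,i) do { ; } while (0)
 #define __audit_inode_child(d,i,p) do { ; } while (0)
-#define audit_inode(n,i,f) do { ; } while (0)
+#define audit_inode(n,i) do { ; } while (0)
 #define audit_inode_child(d,i,p) do { ; } while (0)
 #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
 #define audit_get_loginuid(c) ({ -1; })
@@ -435,6 +434,9 @@ extern void audit_log_hex(struct audit_buffer *ab,
 size_t len);
 extern const char * audit_log_untrustedstring(struct audit_buffer *ab,
 const char *string);
+extern const char * audit_log_n_untrustedstring(struct audit_buffer *ab,
+size_t n,
+const char *string);
 extern void audit_log_d_path(struct audit_buffer *ab,
 const char *prefix,
 struct dentry *dentry,
@@ -452,6 +454,7 @@ extern int audit_receive_filter(int type, int pid, int uid, int seq,
 #define audit_log_end(b) do { ; } while (0)
 #define audit_log_hex(a,b,l) do { ; } while (0)
 #define audit_log_untrustedstring(a,s) do { ; } while (0)
+#define audit_log_n_untrustedstring(a,n,s) do { ; } while (0)
 #define audit_log_d_path(b,p,d,v) do { ; } while (0)
 #endif
 #endif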
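Review bot: The new `audit_log_n_untrustedstring(ab, n, string)` prototype does not say what `n` counts or who is responsible for bounding it, and for a routine that copies attacker-influenced names into the audit log that contract belongs in the header. The implementation is not part of this diffstat, so whether it stops at a NUL before `n` bytes cannot be confirmed here. A comment such as `/* log at most n bytes of string, escaped as in audit_log_untrustedstring(); caller must ensure string holds at least n bytes */` above the declaration would let callers be checked against it. The length-before-pointer order also differs from `audit_log_hex(ab, buf, len)` just above, which invites swapped arguments at call sites. As with the existing `audit_log_untrustedstring` stub, the `!CONFIG_AUDIT` macro expands to a statement while the real function returns `const char *`, so any caller that uses the return value will only build with audit enabled.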
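diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
index a9d30442448f..cc5dec70c32c 100644
--- a/include/linux/fsnotify.h
+++ b/include/linux/fsnotify.h
@@ -67,8 +67,7 @@ static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir,
 if (source) {
 inotify_inode_queue_event(source, IN_MOVE_SELF, 0, NULL, NULL);
 }
-audit_inode_child(old_name, source, old_dir->i_ino);
-audit_inode_child(new_name, target, new_dir->i_ino);
+audit_inode_child(new_name, source, new_dir->i_ino);
 }
 
 /*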
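Review bot: After this change the audit hook in `fsnotify_move()` no longer receives `old_name`, `old_dir` or `target`, so the record of which entry was renamed away and which inode was overwritten must come from somewhere else. The diffstat here is limited to include/linux, so it cannot be confirmed from this page that the rename path records them. If it does, a comment on the remaining call would make that dependency explicit, e.g. `/* old entry and any replaced target are recorded by the rename path; log only the new entry for the moved inode */`. Note also that `source` is NULL-checked for the inotify event just above but passed unguarded to `audit_inode_child()`; this was already true of the removed line, and it is worth confirming the callee tolerates a NULL inode. The body of `fsnotify_move()` starts outside the hunk.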