Merge git://git.infradead.org/users/eparis/audit

Pull audit updates from Eric Paris: "Nothing amazing. Formatting, small bug fixes, couple of fixes where we didn't get records due to some old VFS changes, and a change to how we collect execve info..." Fixed conflict in fs/exec.c as per Eric and linux-next. * git://git.infradead.org/users/eparis/audit: (28 commits) audit: fix type of sessionid in audit_set_loginuid() audit: call audit_bprm() only once to add AUDIT_EXECVE information audit: move audit_aux_data_execve contents into audit_context union audit: remove unused envc member of audit_aux_data_execve audit: Kill the unused struct audit_aux_data_capset audit: do not reject all AUDIT_INODE filter types audit: suppress stock memalloc failure warnings since already managed audit: log the audit_names record type audit: add child record before the create to handle case where create fails audit: use given values in tty_audit enable api audit: use nlmsg_len() to get message payload length audit: use memset instead of trying to initialize field by field audit: fix info leak in AUDIT_GET requests audit: update AUDIT_INODE filter rule to comparator function audit: audit feature to set loginuid immutable audit: audit feature to only allow unsetting the loginuid audit: allow unsetting the loginuid (with priv) audit: remove CONFIG_AUDIT_LOGINUID_IMMUTABLE audit: loginuid functions coding style selinux: apply selinux checks on new audit message types ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2013-11-21 22:18:14 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2013-11-21 22:18:14 -0500
commit: 3eaded86ac3e7f00fb3eeb8162d89e9a34e42fb0 (patch)
tree: 4c48b9f1739dcb034186956bf39908803b524154 /include/uapi
parent: 527d1511310a89650000081869260394e20c7013 (diff)
parent: 9175c9d2aed528800175ef81c90569d00d23f9be (diff)
1 files changed, 26 insertions, 0 deletions
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index db0b825b4810..44b05a09f193 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -68,6 +68,9 @@
 #define AUDIT_MAKE_EQUIV        1015    /* Append to watched tree */
 #define AUDIT_TTY_GET           1016    /* Get TTY auditing status */
 #define AUDIT_TTY_SET           1017    /* Set TTY auditing status */
+#define AUDIT_SET_FEATURE       1018    /* Turn an audit feature on or off */
+#define AUDIT_GET_FEATURE       1019    /* Get which features are enabled */
+#define AUDIT_FEATURE_CHANGE    1020    /* audit log listing feature changes */
 #define AUDIT_FIRST_USER_MSG    1100    /* Userspace messages mostly uninteresting to kernel */
 #define AUDIT_USER_AVC          1107    /* We filter this differently */
@@ -357,6 +360,12 @@ enum {
 #define AUDIT_PERM_READ         4
 #define AUDIT_PERM_ATTR         8
+/* MAX_AUDIT_MESSAGE_LENGTH is set in audit:lib/libaudit.h as:
+ * 8970 // PATH_MAX*2+CONTEXT_SIZE*2+11+256+1
+ * max header+body+tailer: 44 + 29 + 32 + 262 + 7 + pad
+ */
+#define AUDIT_MESSAGE_TEXT_MAX  8560
 struct audit_status {
        __u32           mask;           /* Bit mask for valid entries */
        __u32           enabled;        /* 1 = enabled, 0 = disabled */
@@ -368,11 +377,28 @@ struct audit_status {
        __u32           backlog;        /* messages waiting in queue */
 };
+struct audit_features {
+#define AUDIT_FEATURE_VERSION   1
+        __u32   vers;
+        __u32   mask;           /* which bits we are dealing with */
+        __u32   features;       /* which feature to enable/disable */
+        __u32   lock;           /* which features to lock */
+};
+#define AUDIT_FEATURE_ONLY_UNSET_LOGINUID       0
+#define AUDIT_FEATURE_LOGINUID_IMMUTABLE        1
+#define AUDIT_LAST_FEATURE                      AUDIT_FEATURE_LOGINUID_IMMUTABLE
+#define audit_feature_valid(x)          ((x) >= 0 && (x) <= AUDIT_LAST_FEATURE)
+#define AUDIT_FEATURE_TO_MASK(x)        (1 << ((x) & 31)) /* mask for __u32 */
 struct audit_tty_status {
        __u32           enabled;        /* 1 = enabled, 0 = disabled */
        __u32           log_passwd;     /* 1 = enabled, 0 = disabled */
 };
+#define AUDIT_UID_UNSET (unsigned int)-1
 /* audit_rule_data supports filter rules with both integer and string
 * fields.  It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and
 * AUDIT_LIST_RULES requests.
author	Linus Torvalds <torvalds@linux-foundation.org>	2013-11-21 22:18:14 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2013-11-21 22:18:14 -0500
commit	3eaded86ac3e7f00fb3eeb8162d89e9a34e42fb0 (patch)
tree	4c48b9f1739dcb034186956bf39908803b524154 /include/uapi
parent	527d1511310a89650000081869260394e20c7013 (diff)
parent	9175c9d2aed528800175ef81c90569d00d23f9be (diff)

diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index db0b825b4810..44b05a09f193 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h
@@ -68,6 +68,9 @@
68	#define AUDIT_MAKE_EQUIV 1015 /* Append to watched tree */	68	#define AUDIT_MAKE_EQUIV 1015 /* Append to watched tree */
69	#define AUDIT_TTY_GET 1016 /* Get TTY auditing status */	69	#define AUDIT_TTY_GET 1016 /* Get TTY auditing status */
70	#define AUDIT_TTY_SET 1017 /* Set TTY auditing status */	70	#define AUDIT_TTY_SET 1017 /* Set TTY auditing status */
		71	#define AUDIT_SET_FEATURE 1018 /* Turn an audit feature on or off */
		72	#define AUDIT_GET_FEATURE 1019 /* Get which features are enabled */
		73	#define AUDIT_FEATURE_CHANGE 1020 /* audit log listing feature changes */
71		74
72	#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */	75	#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */
73	#define AUDIT_USER_AVC 1107 /* We filter this differently */	76	#define AUDIT_USER_AVC 1107 /* We filter this differently */
@@ -357,6 +360,12 @@ enum {
357	#define AUDIT_PERM_READ 4	360	#define AUDIT_PERM_READ 4
358	#define AUDIT_PERM_ATTR 8	361	#define AUDIT_PERM_ATTR 8
359		362
		363	/* MAX_AUDIT_MESSAGE_LENGTH is set in audit:lib/libaudit.h as:
		364	* 8970 // PATH_MAX2+CONTEXT_SIZE2+11+256+1
		365	* max header+body+tailer: 44 + 29 + 32 + 262 + 7 + pad
		366	*/
		367	#define AUDIT_MESSAGE_TEXT_MAX 8560
		368
360	struct audit_status {	369	struct audit_status {
361	__u32 mask; /* Bit mask for valid entries */	370	__u32 mask; /* Bit mask for valid entries */
362	__u32 enabled; /* 1 = enabled, 0 = disabled */	371	__u32 enabled; /* 1 = enabled, 0 = disabled */
@@ -368,11 +377,28 @@ struct audit_status {
368	__u32 backlog; /* messages waiting in queue */	377	__u32 backlog; /* messages waiting in queue */
369	};	378	};
370		379
		380	struct audit_features {
		381	#define AUDIT_FEATURE_VERSION 1
		382	__u32 vers;
		383	__u32 mask; /* which bits we are dealing with */
		384	__u32 features; /* which feature to enable/disable */
		385	__u32 lock; /* which features to lock */
		386	};
		387
		388	#define AUDIT_FEATURE_ONLY_UNSET_LOGINUID 0
		389	#define AUDIT_FEATURE_LOGINUID_IMMUTABLE 1
		390	#define AUDIT_LAST_FEATURE AUDIT_FEATURE_LOGINUID_IMMUTABLE
		391
		392	#define audit_feature_valid(x) ((x) >= 0 && (x) <= AUDIT_LAST_FEATURE)
		393	#define AUDIT_FEATURE_TO_MASK(x) (1 << ((x) & 31)) /* mask for __u32 */
		394
371	struct audit_tty_status {	395	struct audit_tty_status {
372	__u32 enabled; /* 1 = enabled, 0 = disabled */	396	__u32 enabled; /* 1 = enabled, 0 = disabled */
373	__u32 log_passwd; /* 1 = enabled, 0 = disabled */	397	__u32 log_passwd; /* 1 = enabled, 0 = disabled */
374	};	398	};
375		399
		400	#define AUDIT_UID_UNSET (unsigned int)-1
		401
376	/* audit_rule_data supports filter rules with both integer and string	402	/* audit_rule_data supports filter rules with both integer and string
377	* fields. It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and	403	* fields. It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and
378	* AUDIT_LIST_RULES requests.	404	* AUDIT_LIST_RULES requests.