diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-02-01 16:37:03 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-02-01 16:37:03 -0500 |
| commit | dd5f5fed6c9458a7aa81eeef3732cc3a9891cfdf (patch) | |
| tree | 06b81942dc218763889efe65faf08aeb23e71f03 /include | |
| parent | 3e01dfce1387f8bec41018f0d7b42fd88ad4163f (diff) | |
| parent | 7759db82774802885f96c250b36c3dfe317e62ff (diff) | |
Merge branch 'audit.b46' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* 'audit.b46' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current:
[AUDIT] Add uid, gid fields to ANOM_PROMISCUOUS message
[AUDIT] ratelimit printk messages audit
[patch 2/2] audit: complement va_copy with va_end()
[patch 1/2] kernel/audit.c: warning fix
[AUDIT] create context if auditing was ever enabled
[AUDIT] clean up audit_receive_msg()
[AUDIT] make audit=0 really stop audit messages
[AUDIT] break large execve argument logging into smaller messages
[AUDIT] include audit type in audit message when using printk
[AUDIT] do not panic on exclude messages in audit_log_pid_context()
[AUDIT] Add End of Event record
[AUDIT] add session id to audit messages
[AUDIT] collect uid, loginuid, and comm in OBJ_PID records
[AUDIT] return EINTR not ERESTART*
[PATCH] get rid of loginuid races
[PATCH] switch audit_get_loginuid() to task_struct *
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/audit.h | 13 | ||||
| -rw-r--r-- | include/linux/init_task.h | 8 | ||||
| -rw-r--r-- | include/linux/sched.h | 4 |
3 files changed, 21 insertions, 4 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index bdd6f5de5fc4..97153027207a 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
| @@ -98,6 +98,7 @@ | |||
| 98 | #define AUDIT_FD_PAIR 1317 /* audit record for pipe/socketpair */ | 98 | #define AUDIT_FD_PAIR 1317 /* audit record for pipe/socketpair */ |
| 99 | #define AUDIT_OBJ_PID 1318 /* ptrace target */ | 99 | #define AUDIT_OBJ_PID 1318 /* ptrace target */ |
| 100 | #define AUDIT_TTY 1319 /* Input on an administrative TTY */ | 100 | #define AUDIT_TTY 1319 /* Input on an administrative TTY */ |
| 101 | #define AUDIT_EOE 1320 /* End of multi-record event */ | ||
| 101 | 102 | ||
| 102 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ | 103 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ |
| 103 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ | 104 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ |
| @@ -409,7 +410,8 @@ extern unsigned int audit_serial(void); | |||
| 409 | extern void auditsc_get_stamp(struct audit_context *ctx, | 410 | extern void auditsc_get_stamp(struct audit_context *ctx, |
| 410 | struct timespec *t, unsigned int *serial); | 411 | struct timespec *t, unsigned int *serial); |
| 411 | extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); | 412 | extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); |
| 412 | extern uid_t audit_get_loginuid(struct audit_context *ctx); | 413 | #define audit_get_loginuid(t) ((t)->loginuid) |
| 414 | #define audit_get_sessionid(t) ((t)->sessionid) | ||
| 413 | extern void audit_log_task_context(struct audit_buffer *ab); | 415 | extern void audit_log_task_context(struct audit_buffer *ab); |
| 414 | extern int __audit_ipc_obj(struct kern_ipc_perm *ipcp); | 416 | extern int __audit_ipc_obj(struct kern_ipc_perm *ipcp); |
| 415 | extern int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); | 417 | extern int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); |
| @@ -488,7 +490,8 @@ extern int audit_signals; | |||
| 488 | #define audit_inode_child(d,i,p) do { ; } while (0) | 490 | #define audit_inode_child(d,i,p) do { ; } while (0) |
| 489 | #define audit_core_dumps(i) do { ; } while (0) | 491 | #define audit_core_dumps(i) do { ; } while (0) |
| 490 | #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) | 492 | #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) |
| 491 | #define audit_get_loginuid(c) ({ -1; }) | 493 | #define audit_get_loginuid(t) (-1) |
| 494 | #define audit_get_sessionid(t) (-1) | ||
| 492 | #define audit_log_task_context(b) do { ; } while (0) | 495 | #define audit_log_task_context(b) do { ; } while (0) |
| 493 | #define audit_ipc_obj(i) ({ 0; }) | 496 | #define audit_ipc_obj(i) ({ 0; }) |
| 494 | #define audit_ipc_set_perm(q,u,g,m) ({ 0; }) | 497 | #define audit_ipc_set_perm(q,u,g,m) ({ 0; }) |
| @@ -522,9 +525,11 @@ extern void audit_log_end(struct audit_buffer *ab); | |||
| 522 | extern void audit_log_hex(struct audit_buffer *ab, | 525 | extern void audit_log_hex(struct audit_buffer *ab, |
| 523 | const unsigned char *buf, | 526 | const unsigned char *buf, |
| 524 | size_t len); | 527 | size_t len); |
| 525 | extern const char * audit_log_untrustedstring(struct audit_buffer *ab, | 528 | extern int audit_string_contains_control(const char *string, |
| 529 | size_t len); | ||
| 530 | extern void audit_log_untrustedstring(struct audit_buffer *ab, | ||
| 526 | const char *string); | 531 | const char *string); |
| 527 | extern const char * audit_log_n_untrustedstring(struct audit_buffer *ab, | 532 | extern void audit_log_n_untrustedstring(struct audit_buffer *ab, |
| 528 | size_t n, | 533 | size_t n, |
| 529 | const char *string); | 534 | const char *string); |
| 530 | extern void audit_log_d_path(struct audit_buffer *ab, | 535 | extern void audit_log_d_path(struct audit_buffer *ab, |
diff --git a/include/linux/init_task.h b/include/linux/init_task.h index e6b3f7080679..f42663eaf655 100644 --- a/include/linux/init_task.h +++ b/include/linux/init_task.h | |||
| @@ -114,6 +114,13 @@ extern struct group_info init_groups; | |||
| 114 | .pid = &init_struct_pid, \ | 114 | .pid = &init_struct_pid, \ |
| 115 | } | 115 | } |
| 116 | 116 | ||
| 117 | #ifdef CONFIG_AUDITSYSCALL | ||
| 118 | #define INIT_IDS \ | ||
| 119 | .loginuid = -1, \ | ||
| 120 | .sessionid = -1, | ||
| 121 | #else | ||
| 122 | #define INIT_IDS | ||
| 123 | #endif | ||
| 117 | /* | 124 | /* |
| 118 | * INIT_TASK is used to set up the first task table, touch at | 125 | * INIT_TASK is used to set up the first task table, touch at |
| 119 | * your own risk!. Base=0, limit=0x1fffff (=2MB) | 126 | * your own risk!. Base=0, limit=0x1fffff (=2MB) |
| @@ -173,6 +180,7 @@ extern struct group_info init_groups; | |||
| 173 | [PIDTYPE_SID] = INIT_PID_LINK(PIDTYPE_SID), \ | 180 | [PIDTYPE_SID] = INIT_PID_LINK(PIDTYPE_SID), \ |
| 174 | }, \ | 181 | }, \ |
| 175 | .dirties = INIT_PROP_LOCAL_SINGLE(dirties), \ | 182 | .dirties = INIT_PROP_LOCAL_SINGLE(dirties), \ |
| 183 | INIT_IDS \ | ||
| 176 | INIT_TRACE_IRQFLAGS \ | 184 | INIT_TRACE_IRQFLAGS \ |
| 177 | INIT_LOCKDEP \ | 185 | INIT_LOCKDEP \ |
| 178 | } | 186 | } |
diff --git a/include/linux/sched.h b/include/linux/sched.h index 6c333579d9da..af6947e69b40 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h | |||
| @@ -1139,6 +1139,10 @@ struct task_struct { | |||
| 1139 | void *security; | 1139 | void *security; |
| 1140 | #endif | 1140 | #endif |
| 1141 | struct audit_context *audit_context; | 1141 | struct audit_context *audit_context; |
| 1142 | #ifdef CONFIG_AUDITSYSCALL | ||
| 1143 | uid_t loginuid; | ||
| 1144 | unsigned int sessionid; | ||
| 1145 | #endif | ||
| 1142 | seccomp_t seccomp; | 1146 | seccomp_t seccomp; |
| 1143 | 1147 | ||
| 1144 | /* Thread group tracking */ | 1148 | /* Thread group tracking */ |