Merge git://git.infradead.org/users/eparis/audit

Pull audit updates from Eric Paris. * git://git.infradead.org/users/eparis/audit: (28 commits) AUDIT: make audit_is_compat depend on CONFIG_AUDIT_COMPAT_GENERIC audit: renumber AUDIT_FEATURE_CHANGE into the 1300 range audit: do not cast audit_rule_data pointers pointlesly AUDIT: Allow login in non-init namespaces audit: define audit_is_compat in kernel internal header kernel: Use RCU_INIT_POINTER(x, NULL) in audit.c sched: declare pid_alive as inline audit: use uapi/linux/audit.h for AUDIT_ARCH declarations syscall_get_arch: remove useless function arguments audit: remove stray newline from audit_log_execve_info() audit_panic() call audit: remove stray newlines from audit_log_lost messages audit: include subject in login records audit: remove superfluous new- prefix in AUDIT_LOGIN messages audit: allow user processes to log from another PID namespace audit: anchor all pid references in the initial pid namespace audit: convert PPIDs to the inital PID namespace. pid: get pid_t ppid of task in init_pid_ns audit: rename the misleading audit_get_context() to audit_take_context() audit: Add generic compat syscall support audit: Add CONFIG_HAVE_ARCH_AUDITSYSCALL ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2014-04-12 15:38:53 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2014-04-12 15:38:53 -0400
commit: 0b747172dce6e0905ab173afbaffebb7a11d89bd (patch)
tree: cef4092aa49bd44d4759b58762bfa221dac45f57 /include
parent: b7e70ca9c7d7f049bba8047d7ab49966fd5e9e9d (diff)
parent: 312103d64d0fcadb332899a2c84b357ddb18f4e3 (diff)
6 files changed, 41 insertions, 5 deletions
diff --git a/include/asm-generic/syscall.h b/include/asm-generic/syscall.h
index 5b09392db673..d401e5463fb0 100644
--- a/include/asm-generic/syscall.h
+++ b/include/asm-generic/syscall.h
@@ -144,8 +144,6 @@ void syscall_set_arguments(struct task_struct *task, struct pt_regs *regs,
 /**
 * syscall_get_arch - return the AUDIT_ARCH for the current system call
- * @task:       task of interest, must be in system call entry tracing
- * @regs:       task_pt_regs() of @task
 *
 * Returns the AUDIT_ARCH_* based on the system call convention in use.
 *
@@ -155,5 +153,5 @@ void syscall_set_arguments(struct task_struct *task, struct pt_regs *regs,
 * Architectures which permit CONFIG_HAVE_ARCH_SECCOMP_FILTER must
 * provide an implementation of this.
 */
-int syscall_get_arch(struct task_struct *task, struct pt_regs *regs);
+int syscall_get_arch(void);
 #endif  /* _ASM_SYSCALL_H */
diff --git a/include/linux/audit.h b/include/linux/audit.h
index ec1464df4c60..22cfddb75566 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -79,6 +79,14 @@ extern int is_audit_feature_set(int which);
 extern int __init audit_register_class(int class, unsigned *list);
 extern int audit_classify_syscall(int abi, unsigned syscall);
 extern int audit_classify_arch(int arch);
+/* only for compat system calls */
+extern unsigned compat_write_class[];
+extern unsigned compat_read_class[];
+extern unsigned compat_dir_class[];
+extern unsigned compat_chattr_class[];
+extern unsigned compat_signal_class[];
+extern int __weak audit_classify_compat_syscall(int abi, unsigned syscall);
 /* audit_names->type values */
 #define AUDIT_TYPE_UNKNOWN      0       /* we don't know yet */
@@ -94,6 +102,12 @@ struct filename;
 extern void audit_log_session_info(struct audit_buffer *ab);
+#ifdef CONFIG_AUDIT_COMPAT_GENERIC
+#define audit_is_compat(arch)  (!((arch) & __AUDIT_ARCH_64BIT))
+#else
+#define audit_is_compat(arch)  false
+#endif
 #ifdef CONFIG_AUDITSYSCALL
 /* These are defined in auditsc.c */
                                /* Public API */
diff --git a/include/linux/mm.h b/include/linux/mm.h
index abc848412e3c..bf9811e1321a 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -1204,6 +1204,7 @@ void account_page_writeback(struct page *page);
 int set_page_dirty(struct page *page);
 int set_page_dirty_lock(struct page *page);
 int clear_page_dirty_for_io(struct page *page);
+int get_cmdline(struct task_struct *task, char *buffer, int buflen);
 /* Is the vma a continuation of the stack vma above it? */
 static inline int vma_growsdown(struct vm_area_struct *vma, unsigned long addr)
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 075b3056c0c0..25f54c79f757 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -1719,6 +1719,24 @@ static inline pid_t task_tgid_vnr(struct task_struct *tsk)
 }
+static inline int pid_alive(const struct task_struct *p);
+static inline pid_t task_ppid_nr_ns(const struct task_struct *tsk, struct pid_namespace *ns)
+{
+        pid_t pid = 0;
+        rcu_read_lock();
+        if (pid_alive(tsk))
+                pid = task_tgid_nr_ns(rcu_dereference(tsk->real_parent), ns);
+        rcu_read_unlock();
+        return pid;
+}
+static inline pid_t task_ppid_nr(const struct task_struct *tsk)
+{
+        return task_ppid_nr_ns(tsk, &init_pid_ns);
+}
 static inline pid_t task_pgrp_nr_ns(struct task_struct *tsk,
                                        struct pid_namespace *ns)
 {
@@ -1758,7 +1776,7 @@ static inline pid_t task_pgrp_nr(struct task_struct *tsk)
 *
 * Return: 1 if the process is alive. 0 otherwise.
 */
-static inline int pid_alive(struct task_struct *p)
+static inline int pid_alive(const struct task_struct *p)
 {
        return p->pids[PIDTYPE_PID].pid != NULL;
 }
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index 2d48fe1274ca..11917f747cb4 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -70,7 +70,6 @@
 #define AUDIT_TTY_SET           1017    /* Set TTY auditing status */
 #define AUDIT_SET_FEATURE       1018    /* Turn an audit feature on or off */
 #define AUDIT_GET_FEATURE       1019    /* Get which features are enabled */
-#define AUDIT_FEATURE_CHANGE    1020    /* audit log listing feature changes */
 #define AUDIT_FIRST_USER_MSG    1100    /* Userspace messages mostly uninteresting to kernel */
 #define AUDIT_USER_AVC          1107    /* We filter this differently */
@@ -109,6 +108,8 @@
 #define AUDIT_NETFILTER_PKT     1324    /* Packets traversing netfilter chains */
 #define AUDIT_NETFILTER_CFG     1325    /* Netfilter chain modifications */
 #define AUDIT_SECCOMP           1326    /* Secure Computing event */
+#define AUDIT_PROCTITLE         1327    /* Proctitle emit event */
+#define AUDIT_FEATURE_CHANGE    1328    /* audit log listing feature changes */
 #define AUDIT_AVC               1400    /* SE Linux avc denial or grant */
 #define AUDIT_SELINUX_ERR       1401    /* Internal SE Linux Errors */
diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h
index ba478fa3012e..154dd6d3c8fe 100644
--- a/include/uapi/linux/capability.h
+++ b/include/uapi/linux/capability.h
@@ -308,8 +308,12 @@ struct vfs_cap_data {
 #define CAP_LEASE            28
+/* Allow writing the audit log via unicast netlink socket */
 #define CAP_AUDIT_WRITE      29
+/* Allow configuration of audit via unicast netlink socket */
 #define CAP_AUDIT_CONTROL    30
 #define CAP_SETFCAP          31
author	Linus Torvalds <torvalds@linux-foundation.org>	2014-04-12 15:38:53 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2014-04-12 15:38:53 -0400
commit	0b747172dce6e0905ab173afbaffebb7a11d89bd (patch)
tree	cef4092aa49bd44d4759b58762bfa221dac45f57 /include
parent	b7e70ca9c7d7f049bba8047d7ab49966fd5e9e9d (diff)
parent	312103d64d0fcadb332899a2c84b357ddb18f4e3 (diff)