| author | Linus Torvalds <torvalds@linux-foundation.org> | 2014-01-23 21:08:10 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-01-23 21:08:10 -0500 |
| commit | 6dd9158ae8577372aa433e6b0eae3c3d4caa5439 (patch) | |
| tree | aa097a9f9ea6206d668ac924460ad1a5d64e751c /include | |
| parent | 90804ed61f24712975fa12f8a1fc12cd46ef7d59 (diff) | |
| parent | f3411cb2b2e396a41ed3a439863f028db7140a34 (diff) | |
Merge git://git.infradead.org/users/eparis/audit
Pull audit update from Eric Paris:
"Again we stayed pretty well contained inside the audit system.
Venturing out was fixing a couple of function prototypes which were
inconsistent (didn't hurt anything, but we used the same value as an
int, uint, u32, and I think even a long in a couple of places).
We also made a couple of minor changes to when a couple of LSMs called
the audit system. We hoped to add aarch64 audit support this go
round, but it wasn't ready.
I'm disappearing on vacation on Thursday. I should have internet
access, but it'll be spotty. If anything goes wrong please be sure to
cc rgb@redhat.com. He'll make fixing things his top priority"
* git://git.infradead.org/users/eparis/audit: (50 commits)
audit: whitespace fix in kernel-parameters.txt
audit: fix location of __net_initdata for audit_net_ops
audit: remove pr_info for every network namespace
audit: Modify a set of system calls in audit class definitions
audit: Convert int limit uses to u32
audit: Use more current logging style
audit: Use hex_byte_pack_upper
audit: correct a type mismatch in audit_syscall_exit()
audit: reorder AUDIT_TTY_SET arguments
audit: rework AUDIT_TTY_SET to only grab spin_lock once
audit: remove needless switch in AUDIT_SET
audit: use define's for audit version
audit: documentation of audit= kernel parameter
audit: wait_for_auditd rework for readability
audit: update MAINTAINERS
audit: log task info on feature change
audit: fix incorrect set of audit_sock
audit: print error message when fail to create audit socket
audit: fix dangling keywords in audit_log_set_loginuid() output
audit: log on errors from filter user rules
...
Diffstat (limited to 'include')
| -rw-r--r-- | include/asm-generic/audit_change_attr.h | 4 | ||||
| -rw-r--r-- | include/asm-generic/audit_write.h | 6 | ||||
| -rw-r--r-- | include/linux/audit.h | 22 | ||||
| -rw-r--r-- | include/linux/init_task.h | 2 | ||||
| -rw-r--r-- | include/net/netlabel.h | 2 | ||||
| -rw-r--r-- | include/net/xfrm.h | 20 | ||||
| -rw-r--r-- | include/uapi/linux/audit.h | 8 |
7 files changed, 41 insertions, 23 deletions
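--- a/include/asm-generic/audit_change_attr.h
+++ b/include/asm-generic/audit_change_attr.h
@@ -4,9 +4,11 @@ __NR_chmod,
 __NR_fchmod,
 #ifdef __NR_chown
 __NR_chown,
-__NR_fchown,
 __NR_lchown,
 #endif
+#ifdef __NR_fchown
+__NR_fchown,
+#endif
 __NR_setxattr,
 __NR_lsetxattr,
 __NR_fsetxattr,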
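Review bot: The new `#ifdef __NR_fchown` block carries no comment saying why fchown is now guarded separately from chown and lchown, which is the only non-obvious part of the hunk. Presumably some architectures provide fchown without chown (the merge message mentions an aarch64 attempt, which would fit a generic syscall table), but that is an inference from names, not something the visible lines show. A one-line note would spare the next reader the archaeology: `/* fchown may exist even where chown/lchown do not */`. The enclosing syscall list starts before the hunk.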
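--- a/include/asm-generic/audit_write.h
+++ b/include/asm-generic/audit_write.h
@@ -10,6 +10,12 @@ __NR_truncate,
 #ifdef __NR_truncate64
 __NR_truncate64,
 #endif
+#ifdef __NR_ftruncate
+__NR_ftruncate,
+#endif
+#ifdef __NR_ftruncate64
+__NR_ftruncate64,
+#endif
 #ifdef __NR_bind
 __NR_bind,	/* bind can affect fs object only in one way... */
 #endif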
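--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -137,7 +137,7 @@ static inline void audit_syscall_exit(void *pt_regs)
 {
 	if (unlikely(current->audit_context)) {
 		int success = is_syscall_success(pt_regs);
-		int return_code = regs_return_value(pt_regs);
+		long return_code = regs_return_value(pt_regs);
 
 		__audit_syscall_exit(success, return_code);
 	}
@@ -202,7 +202,7 @@ static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
 	return tsk->loginuid;
 }
 
-static inline int audit_get_sessionid(struct task_struct *tsk)
+static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
 {
 	return tsk->sessionid;
 }
@@ -220,7 +220,7 @@ extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat);
 extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
 				  const struct cred *new,
 				  const struct cred *old);
-extern void __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old);
+extern void __audit_log_capset(const struct cred *new, const struct cred *old);
 extern void __audit_mmap_fd(int fd, int flags);
 
 static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
@@ -285,11 +285,11 @@ static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm,
 	return 0;
 }
 
-static inline void audit_log_capset(pid_t pid, const struct cred *new,
+static inline void audit_log_capset(const struct cred *new,
 				   const struct cred *old)
 {
 	if (unlikely(!audit_dummy_context()))
-		__audit_log_capset(pid, new, old);
+		__audit_log_capset(new, old);
 }
 
 static inline void audit_mmap_fd(int fd, int flags)
@@ -359,7 +359,7 @@ static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
 {
 	return INVALID_UID;
 }
-static inline int audit_get_sessionid(struct task_struct *tsk)
+static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
 {
 	return -1;
 }
@@ -397,8 +397,8 @@ static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm,
 {
 	return 0;
 }
-static inline void audit_log_capset(pid_t pid, const struct cred *new,
+static inline void audit_log_capset(const struct cred *new,
 				   const struct cred *old)
 { }
 static inline void audit_mmap_fd(int fd, int flags)
 { }
@@ -461,9 +461,11 @@ extern int audit_update_lsm_rules(void);
 /* Private API (for audit.c only) */
 extern int audit_filter_user(int type);
 extern int audit_filter_type(int type);
-extern int audit_receive_filter(int type, int pid, int seq,
+extern int audit_rule_change(int type, __u32 portid, int seq,
 				void *data, size_t datasz);
-extern int audit_enabled;
+extern int audit_list_rules_send(__u32 portid, int seq);
+
+extern u32 audit_enabled;
 #else /* CONFIG_AUDIT */
 static inline __printf(4, 5)
 void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,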
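Review bot: In the !CONFIG_AUDITSYSCALL stub of audit_get_sessionid (line 364 on both sides), `return -1;` now feeds an `unsigned int` return type and relies on implicit conversion to produce the unset value, while the init_task.h change in the same merge spells the same sentinel as `(unsigned int)-1`. For consistency with that initializer and to keep -Wsign-conversion quiet, write it explicitly: `return (unsigned int)-1;`. Since the sentinel is now spelled in at least two headers, a single named constant next to the prototypes would be better still, though none is visible in these lines. The `long return_code` change at line 140 assumes __audit_syscall_exit accepts a long; its prototype is outside the hunk and should be checked.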
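--- a/include/linux/init_task.h
+++ b/include/linux/init_task.h
@@ -97,7 +97,7 @@ extern struct group_info init_groups;
 #ifdef CONFIG_AUDITSYSCALL
 #define INIT_IDS \
 	.loginuid = INVALID_UID, \
-	.sessionid = -1,
+	.sessionid = (unsigned int)-1,
 #else
 #define INIT_IDS
 #endif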
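--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -111,7 +111,7 @@ struct cipso_v4_doi;
 struct netlbl_audit {
 	u32 secid;
 	kuid_t loginuid;
-	u32 sessionid;
+	unsigned int sessionid;
 };
 
 /*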
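--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -681,7 +681,7 @@ struct xfrm_spi_skb_cb {
 struct xfrm_audit {
 	u32	secid;
 	kuid_t	loginuid;
-	u32	sessionid;
+	unsigned int sessionid;
 };
 
 #ifdef CONFIG_AUDITSYSCALL
@@ -699,7 +699,7 @@ static inline struct audit_buffer *xfrm_audit_start(const char *op)
 	return audit_buf;
 }
 
-static inline void xfrm_audit_helper_usrinfo(kuid_t auid, u32 ses, u32 secid,
+static inline void xfrm_audit_helper_usrinfo(kuid_t auid, unsigned int ses, u32 secid,
 					     struct audit_buffer *audit_buf)
 {
 	char *secctx;
@@ -716,13 +716,13 @@ static inline void xfrm_audit_helper_usrinfo(kuid_t auid, u32 ses, u32 secid,
 }
 
 void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, kuid_t auid,
-			   u32 ses, u32 secid);
+			   unsigned int ses, u32 secid);
 void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, kuid_t auid,
-			      u32 ses, u32 secid);
+			      unsigned int ses, u32 secid);
 void xfrm_audit_state_add(struct xfrm_state *x, int result, kuid_t auid,
-			  u32 ses, u32 secid);
+			  unsigned int ses, u32 secid);
 void xfrm_audit_state_delete(struct xfrm_state *x, int result, kuid_t auid,
-			     u32 ses, u32 secid);
+			     unsigned int ses, u32 secid);
 void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
 				      struct sk_buff *skb);
 void xfrm_audit_state_replay(struct xfrm_state *x, struct sk_buff *skb,
@@ -735,22 +735,22 @@ void xfrm_audit_state_icvfail(struct xfrm_state *x, struct sk_buff *skb,
 #else
 
 static inline void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
-				  kuid_t auid, u32 ses, u32 secid)
+				  kuid_t auid, unsigned int ses, u32 secid)
 {
 }
 
 static inline void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
-				  kuid_t auid, u32 ses, u32 secid)
+				  kuid_t auid, unsigned int ses, u32 secid)
 {
 }
 
 static inline void xfrm_audit_state_add(struct xfrm_state *x, int result,
-				 kuid_t auid, u32 ses, u32 secid)
+				 kuid_t auid, unsigned int ses, u32 secid)
 {
 }
 
 static inline void xfrm_audit_state_delete(struct xfrm_state *x, int result,
-				    kuid_t auid, u32 ses, u32 secid)
+				    kuid_t auid, unsigned int ses, u32 secid)
 {
 }
 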
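Review bot: The `u32` to `unsigned int` switch for `ses` is width-neutral on every Linux architecture, so the one thing left to verify is the body of xfrm_audit_helper_usrinfo, which continues outside the hunk: the audit_log_format call that prints `ses` must use `%u` for the new parameter type, otherwise -Wformat will complain and the type change buys nothing. Nothing in the visible lines shows that call, so this is a check to run rather than a defect found. Since `struct xfrm_audit` now mixes `u32 secid` with `unsigned int sessionid`, a short field comment such as `/* same type as audit_get_sessionid() */` would explain the mixed spelling to the next reader.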
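--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -319,6 +319,12 @@ enum {
 #define AUDIT_STATUS_PID		0x0004
 #define AUDIT_STATUS_RATE_LIMIT		0x0008
 #define AUDIT_STATUS_BACKLOG_LIMIT	0x0010
+#define AUDIT_STATUS_BACKLOG_WAIT_TIME	0x0020
+
+#define AUDIT_VERSION_BACKLOG_LIMIT	1
+#define AUDIT_VERSION_BACKLOG_WAIT_TIME	2
+#define AUDIT_VERSION_LATEST		AUDIT_VERSION_BACKLOG_WAIT_TIME
+
 /* Failure-to-log actions */
 #define AUDIT_FAIL_SILENT	0
 #define AUDIT_FAIL_PRINTK	1
@@ -375,6 +381,8 @@ struct audit_status {
 	__u32		backlog_limit;	/* waiting messages limit */
 	__u32		lost;		/* messages lost */
 	__u32		backlog;	/* messages waiting in queue */
+	__u32		version;	/* audit api version number */
+	__u32		backlog_wait_time;/* message queue wait timeout */
 };
 
 struct audit_features {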
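Review bot: The two `__u32` fields appended to `struct audit_status` extend a netlink UAPI structure, and nothing in the hunk records the compatibility rule: userspace built against the older header sends a shorter payload, so the kernel must bound its copy by the message length (or gate on the `AUDIT_STATUS_BACKLOG_WAIT_TIME` mask bit) before reading `version` or `backlog_wait_time`, rather than assuming the new sizeof. That receiving code lives in kernel/audit.c, outside this include-only diffstat, so treat this as a check to confirm, not a defect found here. A comment on the new fields would make the rule explicit for whoever appends the next one, e.g. `/* added in AUDIT_VERSION_BACKLOG_WAIT_TIME; senders using the older layout omit these */`.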
