diff options
author | George C. Wilson <ltcgcw@us.ibm.com> | 2006-05-24 17:09:55 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2006-06-20 05:25:26 -0400 |
commit | 20ca73bc792be9625af184cbec36e1372611d1c3 (patch) | |
tree | 98a1232ad3c9baa14676b2b48fab79a3df4a20b0 /ipc | |
parent | 8ba8e0fbe6321961f6ba04e2fd7215b37d935c83 (diff) |
[PATCH] Audit of POSIX Message Queue Syscalls v.2
This patch adds audit support to POSIX message queues. It applies cleanly to
the lspp.b15 branch of Al Viro's git tree. There are new auxiliary data
structures, and collection and emission routines in kernel/auditsc.c. New hooks
in ipc/mqueue.c collect arguments from the syscalls.
I tested the patch by building the examples from the POSIX MQ library tarball.
Build them -lrt, not against the old MQ library in the tarball. Here's the URL:
http://www.geocities.com/wronski12/posix_ipc/libmqueue-4.41.tar.gz
Do auditctl -a exit,always -S for mq_open, mq_timedsend, mq_timedreceive,
mq_notify, mq_getsetattr. mq_unlink has no new hooks. Please see the
corresponding userspace patch to get correct output from auditd for the new
record types.
[fixes folded]
Signed-off-by: George Wilson <ltcgcw@us.ibm.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'ipc')
-rw-r--r-- | ipc/mqueue.c | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/ipc/mqueue.c b/ipc/mqueue.c index 41ecbd440fed..1511714a9585 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c | |||
@@ -8,6 +8,8 @@ | |||
8 | * Lockless receive & send, fd based notify: | 8 | * Lockless receive & send, fd based notify: |
9 | * Manfred Spraul (manfred@colorfullife.com) | 9 | * Manfred Spraul (manfred@colorfullife.com) |
10 | * | 10 | * |
11 | * Audit: George Wilson (ltcgcw@us.ibm.com) | ||
12 | * | ||
11 | * This file is released under the GPL. | 13 | * This file is released under the GPL. |
12 | */ | 14 | */ |
13 | 15 | ||
@@ -24,6 +26,7 @@ | |||
24 | #include <linux/skbuff.h> | 26 | #include <linux/skbuff.h> |
25 | #include <linux/netlink.h> | 27 | #include <linux/netlink.h> |
26 | #include <linux/syscalls.h> | 28 | #include <linux/syscalls.h> |
29 | #include <linux/audit.h> | ||
27 | #include <linux/signal.h> | 30 | #include <linux/signal.h> |
28 | #include <linux/mutex.h> | 31 | #include <linux/mutex.h> |
29 | 32 | ||
@@ -657,6 +660,10 @@ asmlinkage long sys_mq_open(const char __user *u_name, int oflag, mode_t mode, | |||
657 | char *name; | 660 | char *name; |
658 | int fd, error; | 661 | int fd, error; |
659 | 662 | ||
663 | error = audit_mq_open(oflag, mode, u_attr); | ||
664 | if (error != 0) | ||
665 | return error; | ||
666 | |||
660 | if (IS_ERR(name = getname(u_name))) | 667 | if (IS_ERR(name = getname(u_name))) |
661 | return PTR_ERR(name); | 668 | return PTR_ERR(name); |
662 | 669 | ||
@@ -814,6 +821,10 @@ asmlinkage long sys_mq_timedsend(mqd_t mqdes, const char __user *u_msg_ptr, | |||
814 | long timeout; | 821 | long timeout; |
815 | int ret; | 822 | int ret; |
816 | 823 | ||
824 | ret = audit_mq_timedsend(mqdes, msg_len, msg_prio, u_abs_timeout); | ||
825 | if (ret != 0) | ||
826 | return ret; | ||
827 | |||
817 | if (unlikely(msg_prio >= (unsigned long) MQ_PRIO_MAX)) | 828 | if (unlikely(msg_prio >= (unsigned long) MQ_PRIO_MAX)) |
818 | return -EINVAL; | 829 | return -EINVAL; |
819 | 830 | ||
@@ -896,6 +907,10 @@ asmlinkage ssize_t sys_mq_timedreceive(mqd_t mqdes, char __user *u_msg_ptr, | |||
896 | struct mqueue_inode_info *info; | 907 | struct mqueue_inode_info *info; |
897 | struct ext_wait_queue wait; | 908 | struct ext_wait_queue wait; |
898 | 909 | ||
910 | ret = audit_mq_timedreceive(mqdes, msg_len, u_msg_prio, u_abs_timeout); | ||
911 | if (ret != 0) | ||
912 | return ret; | ||
913 | |||
899 | timeout = prepare_timeout(u_abs_timeout); | 914 | timeout = prepare_timeout(u_abs_timeout); |
900 | 915 | ||
901 | ret = -EBADF; | 916 | ret = -EBADF; |
@@ -975,6 +990,10 @@ asmlinkage long sys_mq_notify(mqd_t mqdes, | |||
975 | struct mqueue_inode_info *info; | 990 | struct mqueue_inode_info *info; |
976 | struct sk_buff *nc; | 991 | struct sk_buff *nc; |
977 | 992 | ||
993 | ret = audit_mq_notify(mqdes, u_notification); | ||
994 | if (ret != 0) | ||
995 | return ret; | ||
996 | |||
978 | nc = NULL; | 997 | nc = NULL; |
979 | sock = NULL; | 998 | sock = NULL; |
980 | if (u_notification != NULL) { | 999 | if (u_notification != NULL) { |
@@ -1115,6 +1134,9 @@ asmlinkage long sys_mq_getsetattr(mqd_t mqdes, | |||
1115 | omqstat = info->attr; | 1134 | omqstat = info->attr; |
1116 | omqstat.mq_flags = filp->f_flags & O_NONBLOCK; | 1135 | omqstat.mq_flags = filp->f_flags & O_NONBLOCK; |
1117 | if (u_mqstat) { | 1136 | if (u_mqstat) { |
1137 | ret = audit_mq_getsetattr(mqdes, &mqstat); | ||
1138 | if (ret != 0) | ||
1139 | goto out; | ||
1118 | if (mqstat.mq_flags & O_NONBLOCK) | 1140 | if (mqstat.mq_flags & O_NONBLOCK) |
1119 | filp->f_flags |= O_NONBLOCK; | 1141 | filp->f_flags |= O_NONBLOCK; |
1120 | else | 1142 | else |