diff options
| author | Eric Paris <eparis@redhat.com> | 2008-01-07 17:09:31 -0500 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2008-02-01 14:24:33 -0500 |
| commit | 1a6b9f2317f18db768010252c957d99daf40678f (patch) | |
| tree | e63199fab4ec31e05b22f3af10505bdcfcb57be8 /kernel/audit.c | |
| parent | de6bbd1d30e5912620d25dd15e3f180ac7f9fcef (diff) | |
[AUDIT] make audit=0 really stop audit messages
Some audit messages (namely configuration changes) are still emitted even if
the audit subsystem has been explicitly disabled. This patch turns those
messages off as well.
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel/audit.c')
| -rw-r--r-- | kernel/audit.c | 191 |
1 files changed, 60 insertions, 131 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 26ff925e13f2..7e29372da284 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
| @@ -66,9 +66,9 @@ | |||
| 66 | * (Initialization happens after skb_init is called.) */ | 66 | * (Initialization happens after skb_init is called.) */ |
| 67 | static int audit_initialized; | 67 | static int audit_initialized; |
| 68 | 68 | ||
| 69 | /* 0 - no auditing | 69 | #define AUDIT_OFF 0 |
| 70 | * 1 - auditing enabled | 70 | #define AUDIT_ON 1 |
| 71 | * 2 - auditing enabled and configuration is locked/unchangeable. */ | 71 | #define AUDIT_LOCKED 2 |
| 72 | int audit_enabled; | 72 | int audit_enabled; |
| 73 | 73 | ||
| 74 | /* Default state when kernel boots without any parameters. */ | 74 | /* Default state when kernel boots without any parameters. */ |
| @@ -240,152 +240,90 @@ void audit_log_lost(const char *message) | |||
| 240 | } | 240 | } |
| 241 | } | 241 | } |
| 242 | 242 | ||
| 243 | static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sid) | 243 | static int audit_log_config_change(char *function_name, int new, int old, |
| 244 | uid_t loginuid, u32 sid, int allow_changes) | ||
| 244 | { | 245 | { |
| 245 | int res, rc = 0, old = audit_rate_limit; | 246 | struct audit_buffer *ab; |
| 246 | 247 | int rc = 0; | |
| 247 | /* check if we are locked */ | ||
| 248 | if (audit_enabled == 2) | ||
| 249 | res = 0; | ||
| 250 | else | ||
| 251 | res = 1; | ||
| 252 | 248 | ||
| 249 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); | ||
| 250 | audit_log_format(ab, "%s=%d old=%d by auid=%u", function_name, new, | ||
| 251 | old, loginuid); | ||
| 253 | if (sid) { | 252 | if (sid) { |
| 254 | char *ctx = NULL; | 253 | char *ctx = NULL; |
| 255 | u32 len; | 254 | u32 len; |
| 256 | if ((rc = selinux_sid_to_string(sid, &ctx, &len)) == 0) { | 255 | |
| 257 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | 256 | rc = selinux_sid_to_string(sid, &ctx, &len); |
| 258 | "audit_rate_limit=%d old=%d by auid=%u" | 257 | if (rc) { |
| 259 | " subj=%s res=%d", | 258 | audit_log_format(ab, " sid=%u", sid); |
| 260 | limit, old, loginuid, ctx, res); | 259 | allow_changes = 0; /* Something weird, deny request */ |
| 260 | } else { | ||
| 261 | audit_log_format(ab, " subj=%s", ctx); | ||
| 261 | kfree(ctx); | 262 | kfree(ctx); |
| 262 | } else | 263 | } |
| 263 | res = 0; /* Something weird, deny request */ | ||
| 264 | } | 264 | } |
| 265 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | 265 | audit_log_format(ab, " res=%d", allow_changes); |
| 266 | "audit_rate_limit=%d old=%d by auid=%u res=%d", | 266 | audit_log_end(ab); |
| 267 | limit, old, loginuid, res); | ||
| 268 | |||
| 269 | /* If we are allowed, make the change */ | ||
| 270 | if (res == 1) | ||
| 271 | audit_rate_limit = limit; | ||
| 272 | /* Not allowed, update reason */ | ||
| 273 | else if (rc == 0) | ||
| 274 | rc = -EPERM; | ||
| 275 | return rc; | 267 | return rc; |
| 276 | } | 268 | } |
| 277 | 269 | ||
| 278 | static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid) | 270 | static int audit_do_config_change(char *function_name, int *to_change, |
| 271 | int new, uid_t loginuid, u32 sid) | ||
| 279 | { | 272 | { |
| 280 | int res, rc = 0, old = audit_backlog_limit; | 273 | int allow_changes, rc = 0, old = *to_change; |
| 281 | 274 | ||
| 282 | /* check if we are locked */ | 275 | /* check if we are locked */ |
| 283 | if (audit_enabled == 2) | 276 | if (audit_enabled == AUDIT_LOCKED) |
| 284 | res = 0; | 277 | allow_changes = 0; |
| 285 | else | 278 | else |
| 286 | res = 1; | 279 | allow_changes = 1; |
| 287 | 280 | ||
| 288 | if (sid) { | 281 | if (audit_enabled != AUDIT_OFF) { |
| 289 | char *ctx = NULL; | 282 | rc = audit_log_config_change(function_name, new, old, |
| 290 | u32 len; | 283 | loginuid, sid, allow_changes); |
| 291 | if ((rc = selinux_sid_to_string(sid, &ctx, &len)) == 0) { | 284 | if (rc) |
| 292 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | 285 | allow_changes = 0; |
| 293 | "audit_backlog_limit=%d old=%d by auid=%u" | ||
| 294 | " subj=%s res=%d", | ||
| 295 | limit, old, loginuid, ctx, res); | ||
| 296 | kfree(ctx); | ||
| 297 | } else | ||
| 298 | res = 0; /* Something weird, deny request */ | ||
| 299 | } | 286 | } |
| 300 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
| 301 | "audit_backlog_limit=%d old=%d by auid=%u res=%d", | ||
| 302 | limit, old, loginuid, res); | ||
| 303 | 287 | ||
| 304 | /* If we are allowed, make the change */ | 288 | /* If we are allowed, make the change */ |
| 305 | if (res == 1) | 289 | if (allow_changes == 1) |
| 306 | audit_backlog_limit = limit; | 290 | *to_change = new; |
| 307 | /* Not allowed, update reason */ | 291 | /* Not allowed, update reason */ |
| 308 | else if (rc == 0) | 292 | else if (rc == 0) |
| 309 | rc = -EPERM; | 293 | rc = -EPERM; |
| 310 | return rc; | 294 | return rc; |
| 311 | } | 295 | } |
| 312 | 296 | ||
| 313 | static int audit_set_enabled(int state, uid_t loginuid, u32 sid) | 297 | static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sid) |
| 314 | { | 298 | { |
| 315 | int res, rc = 0, old = audit_enabled; | 299 | return audit_do_config_change("audit_rate_limit", &audit_rate_limit, |
| 316 | 300 | limit, loginuid, sid); | |
| 317 | if (state < 0 || state > 2) | 301 | } |
| 318 | return -EINVAL; | ||
| 319 | 302 | ||
| 320 | /* check if we are locked */ | 303 | static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid) |
| 321 | if (audit_enabled == 2) | 304 | { |
| 322 | res = 0; | 305 | return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit, |
| 323 | else | 306 | limit, loginuid, sid); |
| 324 | res = 1; | 307 | } |
| 325 | 308 | ||
| 326 | if (sid) { | 309 | static int audit_set_enabled(int state, uid_t loginuid, u32 sid) |
| 327 | char *ctx = NULL; | 310 | { |
| 328 | u32 len; | 311 | if (state < AUDIT_OFF || state > AUDIT_LOCKED) |
| 329 | if ((rc = selinux_sid_to_string(sid, &ctx, &len)) == 0) { | 312 | return -EINVAL; |
| 330 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
| 331 | "audit_enabled=%d old=%d by auid=%u" | ||
| 332 | " subj=%s res=%d", | ||
| 333 | state, old, loginuid, ctx, res); | ||
| 334 | kfree(ctx); | ||
| 335 | } else | ||
| 336 | res = 0; /* Something weird, deny request */ | ||
| 337 | } | ||
| 338 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
| 339 | "audit_enabled=%d old=%d by auid=%u res=%d", | ||
| 340 | state, old, loginuid, res); | ||
| 341 | 313 | ||
| 342 | /* If we are allowed, make the change */ | 314 | return audit_do_config_change("audit_enabled", &audit_enabled, state, |
| 343 | if (res == 1) | 315 | loginuid, sid); |
| 344 | audit_enabled = state; | ||
| 345 | /* Not allowed, update reason */ | ||
| 346 | else if (rc == 0) | ||
| 347 | rc = -EPERM; | ||
| 348 | return rc; | ||
| 349 | } | 316 | } |
| 350 | 317 | ||
| 351 | static int audit_set_failure(int state, uid_t loginuid, u32 sid) | 318 | static int audit_set_failure(int state, uid_t loginuid, u32 sid) |
| 352 | { | 319 | { |
| 353 | int res, rc = 0, old = audit_failure; | ||
| 354 | |||
| 355 | if (state != AUDIT_FAIL_SILENT | 320 | if (state != AUDIT_FAIL_SILENT |
| 356 | && state != AUDIT_FAIL_PRINTK | 321 | && state != AUDIT_FAIL_PRINTK |
| 357 | && state != AUDIT_FAIL_PANIC) | 322 | && state != AUDIT_FAIL_PANIC) |
| 358 | return -EINVAL; | 323 | return -EINVAL; |
| 359 | 324 | ||
| 360 | /* check if we are locked */ | 325 | return audit_do_config_change("audit_failure", &audit_failure, state, |
| 361 | if (audit_enabled == 2) | 326 | loginuid, sid); |
| 362 | res = 0; | ||
| 363 | else | ||
| 364 | res = 1; | ||
| 365 | |||
| 366 | if (sid) { | ||
| 367 | char *ctx = NULL; | ||
| 368 | u32 len; | ||
| 369 | if ((rc = selinux_sid_to_string(sid, &ctx, &len)) == 0) { | ||
| 370 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
| 371 | "audit_failure=%d old=%d by auid=%u" | ||
| 372 | " subj=%s res=%d", | ||
| 373 | state, old, loginuid, ctx, res); | ||
| 374 | kfree(ctx); | ||
| 375 | } else | ||
| 376 | res = 0; /* Something weird, deny request */ | ||
| 377 | } | ||
| 378 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
| 379 | "audit_failure=%d old=%d by auid=%u res=%d", | ||
| 380 | state, old, loginuid, res); | ||
| 381 | |||
| 382 | /* If we are allowed, make the change */ | ||
| 383 | if (res == 1) | ||
| 384 | audit_failure = state; | ||
| 385 | /* Not allowed, update reason */ | ||
| 386 | else if (rc == 0) | ||
| 387 | rc = -EPERM; | ||
| 388 | return rc; | ||
| 389 | } | 327 | } |
| 390 | 328 | ||
| 391 | static int kauditd_thread(void *dummy) | 329 | static int kauditd_thread(void *dummy) |
| @@ -634,23 +572,14 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 634 | if (err < 0) return err; | 572 | if (err < 0) return err; |
| 635 | } | 573 | } |
| 636 | if (status_get->mask & AUDIT_STATUS_PID) { | 574 | if (status_get->mask & AUDIT_STATUS_PID) { |
| 637 | int old = audit_pid; | 575 | int new_pid = status_get->pid; |
| 638 | if (sid) { | 576 | |
| 639 | if ((err = selinux_sid_to_string( | 577 | if (audit_enabled != AUDIT_OFF) |
| 640 | sid, &ctx, &len))) | 578 | audit_log_config_change("audit_pid", new_pid, |
| 641 | return err; | 579 | audit_pid, loginuid, |
| 642 | else | 580 | sid, 1); |
| 643 | audit_log(NULL, GFP_KERNEL, | 581 | |
| 644 | AUDIT_CONFIG_CHANGE, | 582 | audit_pid = new_pid; |
| 645 | "audit_pid=%d old=%d by auid=%u subj=%s", | ||
| 646 | status_get->pid, old, | ||
| 647 | loginuid, ctx); | ||
| 648 | kfree(ctx); | ||
| 649 | } else | ||
| 650 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
| 651 | "audit_pid=%d old=%d by auid=%u", | ||
| 652 | status_get->pid, old, loginuid); | ||
| 653 | audit_pid = status_get->pid; | ||
| 654 | } | 583 | } |
| 655 | if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) | 584 | if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) |
| 656 | err = audit_set_rate_limit(status_get->rate_limit, | 585 | err = audit_set_rate_limit(status_get->rate_limit, |
| @@ -709,7 +638,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 709 | case AUDIT_DEL: | 638 | case AUDIT_DEL: |
| 710 | if (nlmsg_len(nlh) < sizeof(struct audit_rule)) | 639 | if (nlmsg_len(nlh) < sizeof(struct audit_rule)) |
| 711 | return -EINVAL; | 640 | return -EINVAL; |
| 712 | if (audit_enabled == 2) { | 641 | if (audit_enabled == AUDIT_LOCKED) { |
| 713 | ab = audit_log_start(NULL, GFP_KERNEL, | 642 | ab = audit_log_start(NULL, GFP_KERNEL, |
| 714 | AUDIT_CONFIG_CHANGE); | 643 | AUDIT_CONFIG_CHANGE); |
| 715 | if (ab) { | 644 | if (ab) { |
| @@ -743,7 +672,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 743 | case AUDIT_DEL_RULE: | 672 | case AUDIT_DEL_RULE: |
| 744 | if (nlmsg_len(nlh) < sizeof(struct audit_rule_data)) | 673 | if (nlmsg_len(nlh) < sizeof(struct audit_rule_data)) |
| 745 | return -EINVAL; | 674 | return -EINVAL; |
| 746 | if (audit_enabled == 2) { | 675 | if (audit_enabled == AUDIT_LOCKED) { |
| 747 | ab = audit_log_start(NULL, GFP_KERNEL, | 676 | ab = audit_log_start(NULL, GFP_KERNEL, |
| 748 | AUDIT_CONFIG_CHANGE); | 677 | AUDIT_CONFIG_CHANGE); |
| 749 | if (ab) { | 678 | if (ab) { |