userns: Convert the audit loginuid to be a kuid

Always store audit loginuids in type kuid_t. Print loginuids by converting them into uids in the appropriate user namespace, and then printing the resulting uid. Modify audit_get_loginuid to return a kuid_t. Modify audit_set_loginuid to take a kuid_t. Modify /proc/<pid>/loginuid on read to convert the loginuid into the user namespace of the opener of the file. Modify /proc/<pid>/loginud on write to convert the loginuid rom the user namespace of the opener of the file. Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Eric Paris <eparis@redhat.com> Cc: Paul Moore <paul@paul-moore.com> ? Cc: David Miller <davem@davemloft.net> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2012-09-11 01:39:43 -0400
committer: Eric W. Biederman <ebiederm@xmission.com> 2012-09-17 21:08:54 -0400
commit: e1760bd5ffae8cb98cffb030ee8e631eba28f3d8 (patch)
tree: 4694a60b407c418bf7de4b97355dc3bd0e6c6559 /kernel/audit.c
parent: ca57ec0f00c3f139c41bf6b0a5b9bcc95bbb2ad7 (diff)
1 files changed, 10 insertions, 10 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 2e0dd5edf69b..44a4b13c9f00 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -265,7 +265,7 @@ void audit_log_lost(const char *message)
 }
 static int audit_log_config_change(char *function_name, int new, int old,
-                                   uid_t loginuid, u32 sessionid, u32 sid,
+                                   kuid_t loginuid, u32 sessionid, u32 sid,
                                   int allow_changes)
 {
        struct audit_buffer *ab;
@@ -273,7 +273,7 @@ static int audit_log_config_change(char *function_name, int new, int old,
        ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
        audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new,
-                         old, loginuid, sessionid);
+                         old, from_kuid(&init_user_ns, loginuid), sessionid);
        if (sid) {
                char *ctx = NULL;
                u32 len;
@@ -293,7 +293,7 @@ static int audit_log_config_change(char *function_name, int new, int old,
 }
 static int audit_do_config_change(char *function_name, int *to_change,
-                                  int new, uid_t loginuid, u32 sessionid,
+                                  int new, kuid_t loginuid, u32 sessionid,
                                  u32 sid)
 {
        int allow_changes, rc = 0, old = *to_change;
@@ -320,21 +320,21 @@ static int audit_do_config_change(char *function_name, int *to_change,
        return rc;
 }
-static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sessionid,
+static int audit_set_rate_limit(int limit, kuid_t loginuid, u32 sessionid,
                                u32 sid)
 {
        return audit_do_config_change("audit_rate_limit", &audit_rate_limit,
                                      limit, loginuid, sessionid, sid);
 }
-static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sessionid,
+static int audit_set_backlog_limit(int limit, kuid_t loginuid, u32 sessionid,
                                   u32 sid)
 {
        return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit,
                                      limit, loginuid, sessionid, sid);
 }
-static int audit_set_enabled(int state, uid_t loginuid, u32 sessionid, u32 sid)
+static int audit_set_enabled(int state, kuid_t loginuid, u32 sessionid, u32 sid)
 {
        int rc;
        if (state < AUDIT_OFF || state > AUDIT_LOCKED)
@@ -349,7 +349,7 @@ static int audit_set_enabled(int state, uid_t loginuid, u32 sessionid, u32 sid)
        return rc;
 }
-static int audit_set_failure(int state, uid_t loginuid, u32 sessionid, u32 sid)
+static int audit_set_failure(int state, kuid_t loginuid, u32 sessionid, u32 sid)
 {
        if (state != AUDIT_FAIL_SILENT
            && state != AUDIT_FAIL_PRINTK
@@ -607,7 +607,7 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
 }
 static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
-                                     uid_t auid, u32 ses, u32 sid)
+                                     kuid_t auid, u32 ses, u32 sid)
 {
        int rc = 0;
        char *ctx = NULL;
@@ -622,7 +622,7 @@ static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
        audit_log_format(*ab, "pid=%d uid=%u auid=%u ses=%u",
                         task_tgid_vnr(current),
                         from_kuid(&init_user_ns, current_uid()),
-                         auid, ses);
+                         from_kuid(&init_user_ns, auid), ses);
        if (sid) {
                rc = security_secid_to_secctx(sid, &ctx, &len);
                if (rc)
@@ -644,7 +644,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
        int                     err;
        struct audit_buffer     *ab;
        u16                     msg_type = nlh->nlmsg_type;
-        uid_t                   loginuid; /* loginuid of sender */
+        kuid_t                  loginuid; /* loginuid of sender */
        u32                     sessionid;
        struct audit_sig_info   *sig_data;
        char                    *ctx = NULL;
author	Eric W. Biederman <ebiederm@xmission.com>	2012-09-11 01:39:43 -0400
committer	Eric W. Biederman <ebiederm@xmission.com>	2012-09-17 21:08:54 -0400
commit	e1760bd5ffae8cb98cffb030ee8e631eba28f3d8 (patch)
tree	4694a60b407c418bf7de4b97355dc3bd0e6c6559 /kernel/audit.c
parent	ca57ec0f00c3f139c41bf6b0a5b9bcc95bbb2ad7 (diff)

diff --git a/kernel/audit.c b/kernel/audit.c index 2e0dd5edf69b..44a4b13c9f00 100644 --- a/kernel/audit.c +++ b/kernel/audit.c
@@ -265,7 +265,7 @@ void audit_log_lost(const char *message)
265	}	265	}
266		266
267	static int audit_log_config_change(char *function_name, int new, int old,	267	static int audit_log_config_change(char *function_name, int new, int old,
268	uid_t loginuid, u32 sessionid, u32 sid,	268	kuid_t loginuid, u32 sessionid, u32 sid,
269	int allow_changes)	269	int allow_changes)
270	{	270	{
271	struct audit_buffer *ab;	271	struct audit_buffer *ab;
@@ -273,7 +273,7 @@ static int audit_log_config_change(char *function_name, int new, int old,
273		273
274	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);	274	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
275	audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new,	275	audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new,
276	old, loginuid, sessionid);	276	old, from_kuid(&init_user_ns, loginuid), sessionid);
277	if (sid) {	277	if (sid) {
278	char *ctx = NULL;	278	char *ctx = NULL;
279	u32 len;	279	u32 len;
@@ -293,7 +293,7 @@ static int audit_log_config_change(char *function_name, int new, int old,
293	}	293	}
294		294
295	static int audit_do_config_change(char function_name, int to_change,	295	static int audit_do_config_change(char function_name, int to_change,
296	int new, uid_t loginuid, u32 sessionid,	296	int new, kuid_t loginuid, u32 sessionid,
297	u32 sid)	297	u32 sid)
298	{	298	{
299	int allow_changes, rc = 0, old = *to_change;	299	int allow_changes, rc = 0, old = *to_change;
@@ -320,21 +320,21 @@ static int audit_do_config_change(char function_name, int to_change,
320	return rc;	320	return rc;
321	}	321	}
322		322
323	static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sessionid,	323	static int audit_set_rate_limit(int limit, kuid_t loginuid, u32 sessionid,
324	u32 sid)	324	u32 sid)
325	{	325	{
326	return audit_do_config_change("audit_rate_limit", &audit_rate_limit,	326	return audit_do_config_change("audit_rate_limit", &audit_rate_limit,
327	limit, loginuid, sessionid, sid);	327	limit, loginuid, sessionid, sid);
328	}	328	}
329		329
330	static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sessionid,	330	static int audit_set_backlog_limit(int limit, kuid_t loginuid, u32 sessionid,
331	u32 sid)	331	u32 sid)
332	{	332	{
333	return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit,	333	return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit,
334	limit, loginuid, sessionid, sid);	334	limit, loginuid, sessionid, sid);
335	}	335	}
336		336
337	static int audit_set_enabled(int state, uid_t loginuid, u32 sessionid, u32 sid)	337	static int audit_set_enabled(int state, kuid_t loginuid, u32 sessionid, u32 sid)
338	{	338	{
339	int rc;	339	int rc;
340	if (state < AUDIT_OFF \|\| state > AUDIT_LOCKED)	340	if (state < AUDIT_OFF \|\| state > AUDIT_LOCKED)
@@ -349,7 +349,7 @@ static int audit_set_enabled(int state, uid_t loginuid, u32 sessionid, u32 sid)
349	return rc;	349	return rc;
350	}	350	}
351		351
352	static int audit_set_failure(int state, uid_t loginuid, u32 sessionid, u32 sid)	352	static int audit_set_failure(int state, kuid_t loginuid, u32 sessionid, u32 sid)
353	{	353	{
354	if (state != AUDIT_FAIL_SILENT	354	if (state != AUDIT_FAIL_SILENT
355	&& state != AUDIT_FAIL_PRINTK	355	&& state != AUDIT_FAIL_PRINTK
@@ -607,7 +607,7 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
607	}	607	}
608		608
609	static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,	609	static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
610	uid_t auid, u32 ses, u32 sid)	610	kuid_t auid, u32 ses, u32 sid)
611	{	611	{
612	int rc = 0;	612	int rc = 0;
613	char *ctx = NULL;	613	char *ctx = NULL;
@@ -622,7 +622,7 @@ static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
622	audit_log_format(*ab, "pid=%d uid=%u auid=%u ses=%u",	622	audit_log_format(*ab, "pid=%d uid=%u auid=%u ses=%u",
623	task_tgid_vnr(current),	623	task_tgid_vnr(current),
624	from_kuid(&init_user_ns, current_uid()),	624	from_kuid(&init_user_ns, current_uid()),
625	auid, ses);	625	from_kuid(&init_user_ns, auid), ses);
626	if (sid) {	626	if (sid) {
627	rc = security_secid_to_secctx(sid, &ctx, &len);	627	rc = security_secid_to_secctx(sid, &ctx, &len);
628	if (rc)	628	if (rc)
@@ -644,7 +644,7 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
644	int err;	644	int err;
645	struct audit_buffer *ab;	645	struct audit_buffer *ab;
646	u16 msg_type = nlh->nlmsg_type;	646	u16 msg_type = nlh->nlmsg_type;
647	uid_t loginuid; /* loginuid of sender */	647	kuid_t loginuid; /* loginuid of sender */
648	u32 sessionid;	648	u32 sessionid;
649	struct audit_sig_info *sig_data;	649	struct audit_sig_info *sig_data;
650	char *ctx = NULL;	650	char *ctx = NULL;