userns: Convert audit to work with user namespaces enabled

- Explicitly format uids gids in audit messges in the initial user namespace. This is safe because auditd is restrected to be in the initial user namespace. - Convert audit_sig_uid into a kuid_t. - Enable building the audit code and user namespaces at the same time. The net result is that the audit subsystem now uses kuid_t and kgid_t whenever possible making it almost impossible to confuse a raw uid_t with a kuid_t preventing bugs. Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Eric Paris <eparis@redhat.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2012-02-07 19:53:48 -0500
committer: Eric W. Biederman <ebiederm@xmission.com> 2012-09-18 04:00:26 -0400
commit: cca080d9b622094831672a136e5ee4f702d116b1 (patch)
tree: 7a8238c1c0a0d4de682e0ebb97dc06ab3a18fdb5 /kernel/audit.c
parent: e1760bd5ffae8cb98cffb030ee8e631eba28f3d8 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 44a4b13c9f00..511488a7bc71 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -105,7 +105,7 @@ static int	audit_backlog_wait_time = 60 * HZ;
 static int      audit_backlog_wait_overflow = 0;
 /* The identity of the user shutting down the audit system. */
-uid_t           audit_sig_uid = -1;
+kuid_t          audit_sig_uid = INVALID_UID;
 pid_t           audit_sig_pid = -1;
 u32             audit_sig_sid = 0;
@@ -853,7 +853,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                                security_release_secctx(ctx, len);
                        return -ENOMEM;
                }
-                sig_data->uid = audit_sig_uid;
+                sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid);
                sig_data->pid = audit_sig_pid;
                if (audit_sig_sid) {
                        memcpy(sig_data->ctx, ctx, len);
author	Eric W. Biederman <ebiederm@xmission.com>	2012-02-07 19:53:48 -0500
committer	Eric W. Biederman <ebiederm@xmission.com>	2012-09-18 04:00:26 -0400
commit	cca080d9b622094831672a136e5ee4f702d116b1 (patch)
tree	7a8238c1c0a0d4de682e0ebb97dc06ab3a18fdb5 /kernel/audit.c
parent	e1760bd5ffae8cb98cffb030ee8e631eba28f3d8 (diff)

diff --git a/kernel/audit.c b/kernel/audit.c index 44a4b13c9f00..511488a7bc71 100644 --- a/kernel/audit.c +++ b/kernel/audit.c
@@ -105,7 +105,7 @@ static int audit_backlog_wait_time = 60 * HZ;
105	static int audit_backlog_wait_overflow = 0;	105	static int audit_backlog_wait_overflow = 0;
106		106
107	/* The identity of the user shutting down the audit system. */	107	/* The identity of the user shutting down the audit system. */
108	uid_t audit_sig_uid = -1;	108	kuid_t audit_sig_uid = INVALID_UID;
109	pid_t audit_sig_pid = -1;	109	pid_t audit_sig_pid = -1;
110	u32 audit_sig_sid = 0;	110	u32 audit_sig_sid = 0;
111		111
@@ -853,7 +853,7 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
853	security_release_secctx(ctx, len);	853	security_release_secctx(ctx, len);
854	return -ENOMEM;	854	return -ENOMEM;
855	}	855	}
856	sig_data->uid = audit_sig_uid;	856	sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid);
857	sig_data->pid = audit_sig_pid;	857	sig_data->pid = audit_sig_pid;
858	if (audit_sig_sid) {	858	if (audit_sig_sid) {
859	memcpy(sig_data->ctx, ctx, len);	859	memcpy(sig_data->ctx, ctx, len);