diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2009-09-24 11:31:04 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-09-24 11:31:04 -0400 |
| commit | 6d39b27f0ac7e805ae3bd9efa51d7da04bec0360 (patch) | |
| tree | 21a9cd29a07dd1afe70fe88f1343a0fa0fb0ed26 /kernel | |
| parent | a487b6705a811087c182c8cab7e3b5845dfa6ccb (diff) | |
| parent | d81165919ebf6e1cb9eeb612150f9287ad414659 (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current:
lsm: Use a compressed IPv6 string format in audit events
Audit: send signal info if selinux is disabled
Audit: rearrange audit_context to save 16 bytes per struct
Audit: reorganize struct audit_watch to save 8 bytes
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/audit.c | 18 | ||||
| -rw-r--r-- | kernel/audit_watch.c | 2 | ||||
| -rw-r--r-- | kernel/auditsc.c | 6 |
3 files changed, 16 insertions, 10 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index defc2e6f1e3b..5feed232be9d 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
| @@ -855,18 +855,24 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 855 | break; | 855 | break; |
| 856 | } | 856 | } |
| 857 | case AUDIT_SIGNAL_INFO: | 857 | case AUDIT_SIGNAL_INFO: |
| 858 | err = security_secid_to_secctx(audit_sig_sid, &ctx, &len); | 858 | len = 0; |
| 859 | if (err) | 859 | if (audit_sig_sid) { |
| 860 | return err; | 860 | err = security_secid_to_secctx(audit_sig_sid, &ctx, &len); |
| 861 | if (err) | ||
| 862 | return err; | ||
| 863 | } | ||
| 861 | sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); | 864 | sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); |
| 862 | if (!sig_data) { | 865 | if (!sig_data) { |
| 863 | security_release_secctx(ctx, len); | 866 | if (audit_sig_sid) |
| 867 | security_release_secctx(ctx, len); | ||
| 864 | return -ENOMEM; | 868 | return -ENOMEM; |
| 865 | } | 869 | } |
| 866 | sig_data->uid = audit_sig_uid; | 870 | sig_data->uid = audit_sig_uid; |
| 867 | sig_data->pid = audit_sig_pid; | 871 | sig_data->pid = audit_sig_pid; |
| 868 | memcpy(sig_data->ctx, ctx, len); | 872 | if (audit_sig_sid) { |
| 869 | security_release_secctx(ctx, len); | 873 | memcpy(sig_data->ctx, ctx, len); |
| 874 | security_release_secctx(ctx, len); | ||
| 875 | } | ||
| 870 | audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_SIGNAL_INFO, | 876 | audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_SIGNAL_INFO, |
| 871 | 0, 0, sig_data, sizeof(*sig_data) + len); | 877 | 0, 0, sig_data, sizeof(*sig_data) + len); |
| 872 | kfree(sig_data); | 878 | kfree(sig_data); |
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c index 0e96dbc60ea9..cc7e87936cbc 100644 --- a/kernel/audit_watch.c +++ b/kernel/audit_watch.c | |||
| @@ -45,8 +45,8 @@ | |||
| 45 | 45 | ||
| 46 | struct audit_watch { | 46 | struct audit_watch { |
| 47 | atomic_t count; /* reference count */ | 47 | atomic_t count; /* reference count */ |
| 48 | char *path; /* insertion path */ | ||
| 49 | dev_t dev; /* associated superblock device */ | 48 | dev_t dev; /* associated superblock device */ |
| 49 | char *path; /* insertion path */ | ||
| 50 | unsigned long ino; /* associated inode number */ | 50 | unsigned long ino; /* associated inode number */ |
| 51 | struct audit_parent *parent; /* associated parent */ | 51 | struct audit_parent *parent; /* associated parent */ |
| 52 | struct list_head wlist; /* entry in parent->watches list */ | 52 | struct list_head wlist; /* entry in parent->watches list */ |
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 68d3c6a0ecd6..267e484f0198 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -168,12 +168,12 @@ struct audit_context { | |||
| 168 | int in_syscall; /* 1 if task is in a syscall */ | 168 | int in_syscall; /* 1 if task is in a syscall */ |
| 169 | enum audit_state state, current_state; | 169 | enum audit_state state, current_state; |
| 170 | unsigned int serial; /* serial number for record */ | 170 | unsigned int serial; /* serial number for record */ |
| 171 | struct timespec ctime; /* time of syscall entry */ | ||
| 172 | int major; /* syscall number */ | 171 | int major; /* syscall number */ |
| 172 | struct timespec ctime; /* time of syscall entry */ | ||
| 173 | unsigned long argv[4]; /* syscall arguments */ | 173 | unsigned long argv[4]; /* syscall arguments */ |
| 174 | int return_valid; /* return code is valid */ | ||
| 175 | long return_code;/* syscall return code */ | 174 | long return_code;/* syscall return code */ |
| 176 | u64 prio; | 175 | u64 prio; |
| 176 | int return_valid; /* return code is valid */ | ||
| 177 | int name_count; | 177 | int name_count; |
| 178 | struct audit_names names[AUDIT_NAMES]; | 178 | struct audit_names names[AUDIT_NAMES]; |
| 179 | char * filterkey; /* key for rule that triggered record */ | 179 | char * filterkey; /* key for rule that triggered record */ |
| @@ -198,8 +198,8 @@ struct audit_context { | |||
| 198 | char target_comm[TASK_COMM_LEN]; | 198 | char target_comm[TASK_COMM_LEN]; |
| 199 | 199 | ||
| 200 | struct audit_tree_refs *trees, *first_trees; | 200 | struct audit_tree_refs *trees, *first_trees; |
| 201 | int tree_count; | ||
| 202 | struct list_head killed_trees; | 201 | struct list_head killed_trees; |
| 202 | int tree_count; | ||
| 203 | 203 | ||
| 204 | int type; | 204 | int type; |
| 205 | union { | 205 | union { |