diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2014-02-28 22:44:55 -0500 |
|---|---|---|
| committer | Eric W. Biederman <ebiederm@xmission.com> | 2014-02-28 22:44:55 -0500 |
| commit | 6f285b19d09f72e801525f5eea1bdad22e559bf0 (patch) | |
| tree | ece90969f72ebf9b06b0386762b35cb20e415dd4 /kernel | |
| parent | 48095d991d85687569ac025b18a6c7ae1632c9f7 (diff) | |
audit: Send replies in the proper network namespace.
In perverse cases of file descriptor passing the current network
namespace of a process and the network namespace of a socket used by
that socket may differ. Therefore use the network namespace of the
appropiate socket to ensure replies always go to the appropiate
socket.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/audit.c | 21 | ||||
| -rw-r--r-- | kernel/auditfilter.c | 7 |
2 files changed, 15 insertions, 13 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 1e5756f16f6f..32086bff5564 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
| @@ -570,9 +570,11 @@ static int audit_send_reply_thread(void *arg) | |||
| 570 | * Allocates an skb, builds the netlink message, and sends it to the port id. | 570 | * Allocates an skb, builds the netlink message, and sends it to the port id. |
| 571 | * No failure notifications. | 571 | * No failure notifications. |
| 572 | */ | 572 | */ |
| 573 | static void audit_send_reply(__u32 portid, int seq, int type, int done, | 573 | static void audit_send_reply(struct sk_buff *request_skb, int seq, int type, int done, |
| 574 | int multi, const void *payload, int size) | 574 | int multi, const void *payload, int size) |
| 575 | { | 575 | { |
| 576 | u32 portid = NETLINK_CB(request_skb).portid; | ||
| 577 | struct net *net = sock_net(NETLINK_CB(request_skb).sk); | ||
| 576 | struct sk_buff *skb; | 578 | struct sk_buff *skb; |
| 577 | struct task_struct *tsk; | 579 | struct task_struct *tsk; |
| 578 | struct audit_reply *reply = kmalloc(sizeof(struct audit_reply), | 580 | struct audit_reply *reply = kmalloc(sizeof(struct audit_reply), |
| @@ -585,7 +587,7 @@ static void audit_send_reply(__u32 portid, int seq, int type, int done, | |||
| 585 | if (!skb) | 587 | if (!skb) |
| 586 | goto out; | 588 | goto out; |
| 587 | 589 | ||
| 588 | reply->net = get_net(current->nsproxy->net_ns); | 590 | reply->net = get_net(net); |
| 589 | reply->portid = portid; | 591 | reply->portid = portid; |
| 590 | reply->skb = skb; | 592 | reply->skb = skb; |
| 591 | 593 | ||
| @@ -675,8 +677,7 @@ static int audit_get_feature(struct sk_buff *skb) | |||
| 675 | 677 | ||
| 676 | seq = nlmsg_hdr(skb)->nlmsg_seq; | 678 | seq = nlmsg_hdr(skb)->nlmsg_seq; |
| 677 | 679 | ||
| 678 | audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0, | 680 | audit_send_reply(skb, seq, AUDIT_GET, 0, 0, &af, sizeof(af)); |
| 679 | &af, sizeof(af)); | ||
| 680 | 681 | ||
| 681 | return 0; | 682 | return 0; |
| 682 | } | 683 | } |
| @@ -796,8 +797,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 796 | s.backlog = skb_queue_len(&audit_skb_queue); | 797 | s.backlog = skb_queue_len(&audit_skb_queue); |
| 797 | s.version = AUDIT_VERSION_LATEST; | 798 | s.version = AUDIT_VERSION_LATEST; |
| 798 | s.backlog_wait_time = audit_backlog_wait_time; | 799 | s.backlog_wait_time = audit_backlog_wait_time; |
| 799 | audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0, | 800 | audit_send_reply(skb, seq, AUDIT_GET, 0, 0, &s, sizeof(s)); |
| 800 | &s, sizeof(s)); | ||
| 801 | break; | 801 | break; |
| 802 | } | 802 | } |
| 803 | case AUDIT_SET: { | 803 | case AUDIT_SET: { |
| @@ -907,7 +907,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 907 | seq, data, nlmsg_len(nlh)); | 907 | seq, data, nlmsg_len(nlh)); |
| 908 | break; | 908 | break; |
| 909 | case AUDIT_LIST_RULES: | 909 | case AUDIT_LIST_RULES: |
| 910 | err = audit_list_rules_send(NETLINK_CB(skb).portid, seq); | 910 | err = audit_list_rules_send(skb, seq); |
| 911 | break; | 911 | break; |
| 912 | case AUDIT_TRIM: | 912 | case AUDIT_TRIM: |
| 913 | audit_trim_trees(); | 913 | audit_trim_trees(); |
| @@ -972,8 +972,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 972 | memcpy(sig_data->ctx, ctx, len); | 972 | memcpy(sig_data->ctx, ctx, len); |
| 973 | security_release_secctx(ctx, len); | 973 | security_release_secctx(ctx, len); |
| 974 | } | 974 | } |
| 975 | audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_SIGNAL_INFO, | 975 | audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, |
| 976 | 0, 0, sig_data, sizeof(*sig_data) + len); | 976 | sig_data, sizeof(*sig_data) + len); |
| 977 | kfree(sig_data); | 977 | kfree(sig_data); |
| 978 | break; | 978 | break; |
| 979 | case AUDIT_TTY_GET: { | 979 | case AUDIT_TTY_GET: { |
| @@ -985,8 +985,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 985 | s.log_passwd = tsk->signal->audit_tty_log_passwd; | 985 | s.log_passwd = tsk->signal->audit_tty_log_passwd; |
| 986 | spin_unlock(&tsk->sighand->siglock); | 986 | spin_unlock(&tsk->sighand->siglock); |
| 987 | 987 | ||
| 988 | audit_send_reply(NETLINK_CB(skb).portid, seq, | 988 | audit_send_reply(skb, seq, AUDIT_TTY_GET, 0, 0, &s, sizeof(s)); |
| 989 | AUDIT_TTY_GET, 0, 0, &s, sizeof(s)); | ||
| 990 | break; | 989 | break; |
| 991 | } | 990 | } |
| 992 | case AUDIT_TTY_SET: { | 991 | case AUDIT_TTY_SET: { |
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index a5e3d73d73e4..e8d1c7c515d7 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
| @@ -30,6 +30,7 @@ | |||
| 30 | #include <linux/slab.h> | 30 | #include <linux/slab.h> |
| 31 | #include <linux/security.h> | 31 | #include <linux/security.h> |
| 32 | #include <net/net_namespace.h> | 32 | #include <net/net_namespace.h> |
| 33 | #include <net/sock.h> | ||
| 33 | #include "audit.h" | 34 | #include "audit.h" |
| 34 | 35 | ||
| 35 | /* | 36 | /* |
| @@ -1069,8 +1070,10 @@ int audit_rule_change(int type, __u32 portid, int seq, void *data, | |||
| 1069 | * @portid: target portid for netlink audit messages | 1070 | * @portid: target portid for netlink audit messages |
| 1070 | * @seq: netlink audit message sequence (serial) number | 1071 | * @seq: netlink audit message sequence (serial) number |
| 1071 | */ | 1072 | */ |
| 1072 | int audit_list_rules_send(__u32 portid, int seq) | 1073 | int audit_list_rules_send(struct sk_buff *request_skb, int seq) |
| 1073 | { | 1074 | { |
| 1075 | u32 portid = NETLINK_CB(request_skb).portid; | ||
| 1076 | struct net *net = sock_net(NETLINK_CB(request_skb).sk); | ||
| 1074 | struct task_struct *tsk; | 1077 | struct task_struct *tsk; |
| 1075 | struct audit_netlink_list *dest; | 1078 | struct audit_netlink_list *dest; |
| 1076 | int err = 0; | 1079 | int err = 0; |
| @@ -1084,7 +1087,7 @@ int audit_list_rules_send(__u32 portid, int seq) | |||
| 1084 | dest = kmalloc(sizeof(struct audit_netlink_list), GFP_KERNEL); | 1087 | dest = kmalloc(sizeof(struct audit_netlink_list), GFP_KERNEL); |
| 1085 | if (!dest) | 1088 | if (!dest) |
| 1086 | return -ENOMEM; | 1089 | return -ENOMEM; |
| 1087 | dest->net = get_net(current->nsproxy->net_ns); | 1090 | dest->net = get_net(net); |
| 1088 | dest->portid = portid; | 1091 | dest->portid = portid; |
| 1089 | skb_queue_head_init(&dest->q); | 1092 | skb_queue_head_init(&dest->q); |
| 1090 | 1093 | ||