diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-01-17 19:06:51 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-01-17 19:41:31 -0500 |
| commit | f429ee3b808118591d1f3cdf3c0d0793911a5677 (patch) | |
| tree | 96d848f5f677d96758ecd2aee5eb6931b75bf218 /security | |
| parent | 22b4eb5e3174efb49791c62823d0cccc35394c36 (diff) | |
| parent | c158a35c8a681cf68d36f22f058f9f5466386c71 (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit: (29 commits)
audit: no leading space in audit_log_d_path prefix
audit: treat s_id as an untrusted string
audit: fix signedness bug in audit_log_execve_info()
audit: comparison on interprocess fields
audit: implement all object interfield comparisons
audit: allow interfield comparison between gid and ogid
audit: complex interfield comparison helper
audit: allow interfield comparison in audit rules
Kernel: Audit Support For The ARM Platform
audit: do not call audit_getname on error
audit: only allow tasks to set their loginuid if it is -1
audit: remove task argument to audit_set_loginuid
audit: allow audit matching on inode gid
audit: allow matching on obj_uid
audit: remove audit_finish_fork as it can't be called
audit: reject entry,always rules
audit: inline audit_free to simplify the look of generic code
audit: drop audit_set_macxattr as it doesn't do anything
audit: inline checks for not needing to collect aux records
audit: drop some potentially inadvisable likely notations
...
Use evil merge to fix up grammar mistakes in Kconfig file.
Bad speling and horrible grammar (and copious swearing) is to be
expected, but let's keep it to commit messages and comments, rather than
expose it to users in config help texts or printouts.
Diffstat (limited to 'security')
| -rw-r--r-- | security/integrity/ima/ima_audit.c | 8 | ||||
| -rw-r--r-- | security/lsm_audit.c | 27 |
2 files changed, 20 insertions, 15 deletions
diff --git a/security/integrity/ima/ima_audit.c b/security/integrity/ima/ima_audit.c index c5c5a72c30be..2ad942fb1e23 100644 --- a/security/integrity/ima/ima_audit.c +++ b/security/integrity/ima/ima_audit.c | |||
| @@ -56,9 +56,11 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode, | |||
| 56 | audit_log_format(ab, " name="); | 56 | audit_log_format(ab, " name="); |
| 57 | audit_log_untrustedstring(ab, fname); | 57 | audit_log_untrustedstring(ab, fname); |
| 58 | } | 58 | } |
| 59 | if (inode) | 59 | if (inode) { |
| 60 | audit_log_format(ab, " dev=%s ino=%lu", | 60 | audit_log_format(ab, " dev="); |
| 61 | inode->i_sb->s_id, inode->i_ino); | 61 | audit_log_untrustedstring(ab, inode->i_sb->s_id); |
| 62 | audit_log_format(ab, " ino=%lu", inode->i_ino); | ||
| 63 | } | ||
| 62 | audit_log_format(ab, " res=%d", !result ? 0 : 1); | 64 | audit_log_format(ab, " res=%d", !result ? 0 : 1); |
| 63 | audit_log_end(ab); | 65 | audit_log_end(ab); |
| 64 | } | 66 | } |
diff --git a/security/lsm_audit.c b/security/lsm_audit.c index 7bd6f138236b..293b8c45b1d1 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c | |||
| @@ -232,13 +232,14 @@ static void dump_common_audit_data(struct audit_buffer *ab, | |||
| 232 | case LSM_AUDIT_DATA_PATH: { | 232 | case LSM_AUDIT_DATA_PATH: { |
| 233 | struct inode *inode; | 233 | struct inode *inode; |
| 234 | 234 | ||
| 235 | audit_log_d_path(ab, "path=", &a->u.path); | 235 | audit_log_d_path(ab, " path=", &a->u.path); |
| 236 | 236 | ||
| 237 | inode = a->u.path.dentry->d_inode; | 237 | inode = a->u.path.dentry->d_inode; |
| 238 | if (inode) | 238 | if (inode) { |
| 239 | audit_log_format(ab, " dev=%s ino=%lu", | 239 | audit_log_format(ab, " dev="); |
| 240 | inode->i_sb->s_id, | 240 | audit_log_untrustedstring(ab, inode->i_sb->s_id); |
| 241 | inode->i_ino); | 241 | audit_log_format(ab, " ino=%lu", inode->i_ino); |
| 242 | } | ||
| 242 | break; | 243 | break; |
| 243 | } | 244 | } |
| 244 | case LSM_AUDIT_DATA_DENTRY: { | 245 | case LSM_AUDIT_DATA_DENTRY: { |
| @@ -248,10 +249,11 @@ static void dump_common_audit_data(struct audit_buffer *ab, | |||
| 248 | audit_log_untrustedstring(ab, a->u.dentry->d_name.name); | 249 | audit_log_untrustedstring(ab, a->u.dentry->d_name.name); |
| 249 | 250 | ||
| 250 | inode = a->u.dentry->d_inode; | 251 | inode = a->u.dentry->d_inode; |
| 251 | if (inode) | 252 | if (inode) { |
| 252 | audit_log_format(ab, " dev=%s ino=%lu", | 253 | audit_log_format(ab, " dev="); |
| 253 | inode->i_sb->s_id, | 254 | audit_log_untrustedstring(ab, inode->i_sb->s_id); |
| 254 | inode->i_ino); | 255 | audit_log_format(ab, " ino=%lu", inode->i_ino); |
| 256 | } | ||
| 255 | break; | 257 | break; |
| 256 | } | 258 | } |
| 257 | case LSM_AUDIT_DATA_INODE: { | 259 | case LSM_AUDIT_DATA_INODE: { |
| @@ -266,8 +268,9 @@ static void dump_common_audit_data(struct audit_buffer *ab, | |||
| 266 | dentry->d_name.name); | 268 | dentry->d_name.name); |
| 267 | dput(dentry); | 269 | dput(dentry); |
| 268 | } | 270 | } |
| 269 | audit_log_format(ab, " dev=%s ino=%lu", inode->i_sb->s_id, | 271 | audit_log_format(ab, " dev="); |
| 270 | inode->i_ino); | 272 | audit_log_untrustedstring(ab, inode->i_sb->s_id); |
| 273 | audit_log_format(ab, " ino=%lu", inode->i_ino); | ||
| 271 | break; | 274 | break; |
| 272 | } | 275 | } |
| 273 | case LSM_AUDIT_DATA_TASK: | 276 | case LSM_AUDIT_DATA_TASK: |
| @@ -315,7 +318,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, | |||
| 315 | .dentry = u->dentry, | 318 | .dentry = u->dentry, |
| 316 | .mnt = u->mnt | 319 | .mnt = u->mnt |
| 317 | }; | 320 | }; |
| 318 | audit_log_d_path(ab, "path=", &path); | 321 | audit_log_d_path(ab, " path=", &path); |
| 319 | break; | 322 | break; |
| 320 | } | 323 | } |
| 321 | if (!u->addr) | 324 | if (!u->addr) |