userns: Convert selinux to use kuid and kgid where appropriate

Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: James Morris <james.l.morris@oracle.com> Cc: Eric Paris <eparis@parisplace.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2012-08-20 03:09:36 -0400
committer: Eric W. Biederman <ebiederm@xmission.com> 2012-09-21 06:13:22 -0400
commit: 581abc09c2205e05256d7f75410345d5392d5098 (patch)
tree: af6bbd233f6030fa51a7dcbf0754e83650e0b0ad /security
parent: 609fcd1b3a55f99667c61609895c83019b21baad (diff)
2 files changed, 4 insertions, 4 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 298e695d6822..55af8c5b57e6 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -174,7 +174,7 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
                audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
                        "enforcing=%d old_enforcing=%d auid=%u ses=%u",
                        new_value, selinux_enforcing,
-                        audit_get_loginuid(current),
+                        from_kuid(&init_user_ns, audit_get_loginuid(current)),
                        audit_get_sessionid(current));
                selinux_enforcing = new_value;
                if (selinux_enforcing)
@@ -305,7 +305,7 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf,
                        goto out;
                audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
                        "selinux=0 auid=%u ses=%u",
-                        audit_get_loginuid(current),
+                        from_kuid(&init_user_ns, audit_get_loginuid(current)),
                        audit_get_sessionid(current));
        }
@@ -551,7 +551,7 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf,
 out1:
        audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
                "policy loaded auid=%u ses=%u",
-                audit_get_loginuid(current),
+                from_kuid(&init_user_ns, audit_get_loginuid(current)),
                audit_get_sessionid(current));
 out:
        mutex_unlock(&sel_mutex);
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 4321b8fc8863..b4feecc3fe01 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2440,7 +2440,7 @@ int security_set_bools(int len, int *values)
                                sym_name(&policydb, SYM_BOOLS, i),
                                !!values[i],
                                policydb.bool_val_to_struct[i]->state,
-                                audit_get_loginuid(current),
+                                from_kuid(&init_user_ns, audit_get_loginuid(current)),
                                audit_get_sessionid(current));
                }
                if (values[i])
author	Eric W. Biederman <ebiederm@xmission.com>	2012-08-20 03:09:36 -0400
committer	Eric W. Biederman <ebiederm@xmission.com>	2012-09-21 06:13:22 -0400
commit	581abc09c2205e05256d7f75410345d5392d5098 (patch)
tree	af6bbd233f6030fa51a7dcbf0754e83650e0b0ad /security
parent	609fcd1b3a55f99667c61609895c83019b21baad (diff)

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 298e695d6822..55af8c5b57e6 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c
@@ -174,7 +174,7 @@ static ssize_t sel_write_enforce(struct file file, const char __user buf,
174	audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,	174	audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
175	"enforcing=%d old_enforcing=%d auid=%u ses=%u",	175	"enforcing=%d old_enforcing=%d auid=%u ses=%u",
176	new_value, selinux_enforcing,	176	new_value, selinux_enforcing,
177	audit_get_loginuid(current),	177	from_kuid(&init_user_ns, audit_get_loginuid(current)),
178	audit_get_sessionid(current));	178	audit_get_sessionid(current));
179	selinux_enforcing = new_value;	179	selinux_enforcing = new_value;
180	if (selinux_enforcing)	180	if (selinux_enforcing)
@@ -305,7 +305,7 @@ static ssize_t sel_write_disable(struct file file, const char __user buf,
305	goto out;	305	goto out;
306	audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,	306	audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
307	"selinux=0 auid=%u ses=%u",	307	"selinux=0 auid=%u ses=%u",
308	audit_get_loginuid(current),	308	from_kuid(&init_user_ns, audit_get_loginuid(current)),
309	audit_get_sessionid(current));	309	audit_get_sessionid(current));
310	}	310	}
311		311
@@ -551,7 +551,7 @@ static ssize_t sel_write_load(struct file file, const char __user buf,
551	out1:	551	out1:
552	audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,	552	audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
553	"policy loaded auid=%u ses=%u",	553	"policy loaded auid=%u ses=%u",
554	audit_get_loginuid(current),	554	from_kuid(&init_user_ns, audit_get_loginuid(current)),
555	audit_get_sessionid(current));	555	audit_get_sessionid(current));
556	out:	556	out:
557	mutex_unlock(&sel_mutex);	557	mutex_unlock(&sel_mutex);


diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 4321b8fc8863..b4feecc3fe01 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c
@@ -2440,7 +2440,7 @@ int security_set_bools(int len, int *values)
2440	sym_name(&policydb, SYM_BOOLS, i),	2440	sym_name(&policydb, SYM_BOOLS, i),
2441	!!values[i],	2441	!!values[i],
2442	policydb.bool_val_to_struct[i]->state,	2442	policydb.bool_val_to_struct[i]->state,
2443	audit_get_loginuid(current),	2443	from_kuid(&init_user_ns, audit_get_loginuid(current)),
2444	audit_get_sessionid(current));	2444	audit_get_sessionid(current));
2445	}	2445	}
2446	if (values[i])	2446	if (values[i])