diff options
-rw-r--r-- | include/linux/audit.h | 2 | ||||
-rw-r--r-- | kernel/audit.c | 49 | ||||
-rw-r--r-- | kernel/audit.h | 2 |
3 files changed, 27 insertions, 26 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index 98fe8a26a601..aa865a9a4c4f 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
@@ -465,7 +465,7 @@ extern int audit_rule_change(int type, __u32 portid, int seq, | |||
465 | void *data, size_t datasz); | 465 | void *data, size_t datasz); |
466 | extern int audit_list_rules_send(__u32 portid, int seq); | 466 | extern int audit_list_rules_send(__u32 portid, int seq); |
467 | 467 | ||
468 | extern int audit_enabled; | 468 | extern u32 audit_enabled; |
469 | #else /* CONFIG_AUDIT */ | 469 | #else /* CONFIG_AUDIT */ |
470 | static inline __printf(4, 5) | 470 | static inline __printf(4, 5) |
471 | void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, | 471 | void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, |
diff --git a/kernel/audit.c b/kernel/audit.c index 5f4766f5216d..2df247dd2432 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
@@ -79,16 +79,16 @@ static int audit_initialized; | |||
79 | #define AUDIT_OFF 0 | 79 | #define AUDIT_OFF 0 |
80 | #define AUDIT_ON 1 | 80 | #define AUDIT_ON 1 |
81 | #define AUDIT_LOCKED 2 | 81 | #define AUDIT_LOCKED 2 |
82 | int audit_enabled; | 82 | u32 audit_enabled; |
83 | int audit_ever_enabled; | 83 | u32 audit_ever_enabled; |
84 | 84 | ||
85 | EXPORT_SYMBOL_GPL(audit_enabled); | 85 | EXPORT_SYMBOL_GPL(audit_enabled); |
86 | 86 | ||
87 | /* Default state when kernel boots without any parameters. */ | 87 | /* Default state when kernel boots without any parameters. */ |
88 | static int audit_default; | 88 | static u32 audit_default; |
89 | 89 | ||
90 | /* If auditing cannot proceed, audit_failure selects what happens. */ | 90 | /* If auditing cannot proceed, audit_failure selects what happens. */ |
91 | static int audit_failure = AUDIT_FAIL_PRINTK; | 91 | static u32 audit_failure = AUDIT_FAIL_PRINTK; |
92 | 92 | ||
93 | /* | 93 | /* |
94 | * If audit records are to be written to the netlink socket, audit_pid | 94 | * If audit records are to be written to the netlink socket, audit_pid |
@@ -101,14 +101,14 @@ static __u32 audit_nlk_portid; | |||
101 | /* If audit_rate_limit is non-zero, limit the rate of sending audit records | 101 | /* If audit_rate_limit is non-zero, limit the rate of sending audit records |
102 | * to that number per second. This prevents DoS attacks, but results in | 102 | * to that number per second. This prevents DoS attacks, but results in |
103 | * audit records being dropped. */ | 103 | * audit records being dropped. */ |
104 | static int audit_rate_limit; | 104 | static u32 audit_rate_limit; |
105 | 105 | ||
106 | /* Number of outstanding audit_buffers allowed. | 106 | /* Number of outstanding audit_buffers allowed. |
107 | * When set to zero, this means unlimited. */ | 107 | * When set to zero, this means unlimited. */ |
108 | static int audit_backlog_limit = 64; | 108 | static u32 audit_backlog_limit = 64; |
109 | #define AUDIT_BACKLOG_WAIT_TIME (60 * HZ) | 109 | #define AUDIT_BACKLOG_WAIT_TIME (60 * HZ) |
110 | static int audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; | 110 | static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; |
111 | static int audit_backlog_wait_overflow = 0; | 111 | static u32 audit_backlog_wait_overflow = 0; |
112 | 112 | ||
113 | /* The identity of the user shutting down the audit system. */ | 113 | /* The identity of the user shutting down the audit system. */ |
114 | kuid_t audit_sig_uid = INVALID_UID; | 114 | kuid_t audit_sig_uid = INVALID_UID; |
@@ -272,7 +272,7 @@ void audit_log_lost(const char *message) | |||
272 | 272 | ||
273 | if (print) { | 273 | if (print) { |
274 | if (printk_ratelimit()) | 274 | if (printk_ratelimit()) |
275 | pr_warn("audit_lost=%d audit_rate_limit=%d audit_backlog_limit=%d\n", | 275 | pr_warn("audit_lost=%u audit_rate_limit=%u audit_backlog_limit=%u\n", |
276 | atomic_read(&audit_lost), | 276 | atomic_read(&audit_lost), |
277 | audit_rate_limit, | 277 | audit_rate_limit, |
278 | audit_backlog_limit); | 278 | audit_backlog_limit); |
@@ -280,7 +280,7 @@ void audit_log_lost(const char *message) | |||
280 | } | 280 | } |
281 | } | 281 | } |
282 | 282 | ||
283 | static int audit_log_config_change(char *function_name, int new, int old, | 283 | static int audit_log_config_change(char *function_name, u32 new, u32 old, |
284 | int allow_changes) | 284 | int allow_changes) |
285 | { | 285 | { |
286 | struct audit_buffer *ab; | 286 | struct audit_buffer *ab; |
@@ -289,7 +289,7 @@ static int audit_log_config_change(char *function_name, int new, int old, | |||
289 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); | 289 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); |
290 | if (unlikely(!ab)) | 290 | if (unlikely(!ab)) |
291 | return rc; | 291 | return rc; |
292 | audit_log_format(ab, "%s=%d old=%d", function_name, new, old); | 292 | audit_log_format(ab, "%s=%u old=%u", function_name, new, old); |
293 | audit_log_session_info(ab); | 293 | audit_log_session_info(ab); |
294 | rc = audit_log_task_context(ab); | 294 | rc = audit_log_task_context(ab); |
295 | if (rc) | 295 | if (rc) |
@@ -299,9 +299,10 @@ static int audit_log_config_change(char *function_name, int new, int old, | |||
299 | return rc; | 299 | return rc; |
300 | } | 300 | } |
301 | 301 | ||
302 | static int audit_do_config_change(char *function_name, int *to_change, int new) | 302 | static int audit_do_config_change(char *function_name, u32 *to_change, u32 new) |
303 | { | 303 | { |
304 | int allow_changes, rc = 0, old = *to_change; | 304 | int allow_changes, rc = 0; |
305 | u32 old = *to_change; | ||
305 | 306 | ||
306 | /* check if we are locked */ | 307 | /* check if we are locked */ |
307 | if (audit_enabled == AUDIT_LOCKED) | 308 | if (audit_enabled == AUDIT_LOCKED) |
@@ -324,23 +325,23 @@ static int audit_do_config_change(char *function_name, int *to_change, int new) | |||
324 | return rc; | 325 | return rc; |
325 | } | 326 | } |
326 | 327 | ||
327 | static int audit_set_rate_limit(int limit) | 328 | static int audit_set_rate_limit(u32 limit) |
328 | { | 329 | { |
329 | return audit_do_config_change("audit_rate_limit", &audit_rate_limit, limit); | 330 | return audit_do_config_change("audit_rate_limit", &audit_rate_limit, limit); |
330 | } | 331 | } |
331 | 332 | ||
332 | static int audit_set_backlog_limit(int limit) | 333 | static int audit_set_backlog_limit(u32 limit) |
333 | { | 334 | { |
334 | return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit, limit); | 335 | return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit, limit); |
335 | } | 336 | } |
336 | 337 | ||
337 | static int audit_set_backlog_wait_time(int timeout) | 338 | static int audit_set_backlog_wait_time(u32 timeout) |
338 | { | 339 | { |
339 | return audit_do_config_change("audit_backlog_wait_time", | 340 | return audit_do_config_change("audit_backlog_wait_time", |
340 | &audit_backlog_wait_time, timeout); | 341 | &audit_backlog_wait_time, timeout); |
341 | } | 342 | } |
342 | 343 | ||
343 | static int audit_set_enabled(int state) | 344 | static int audit_set_enabled(u32 state) |
344 | { | 345 | { |
345 | int rc; | 346 | int rc; |
346 | if (state < AUDIT_OFF || state > AUDIT_LOCKED) | 347 | if (state < AUDIT_OFF || state > AUDIT_LOCKED) |
@@ -353,7 +354,7 @@ static int audit_set_enabled(int state) | |||
353 | return rc; | 354 | return rc; |
354 | } | 355 | } |
355 | 356 | ||
356 | static int audit_set_failure(int state) | 357 | static int audit_set_failure(u32 state) |
357 | { | 358 | { |
358 | if (state != AUDIT_FAIL_SILENT | 359 | if (state != AUDIT_FAIL_SILENT |
359 | && state != AUDIT_FAIL_PRINTK | 360 | && state != AUDIT_FAIL_PRINTK |
@@ -688,7 +689,7 @@ static void audit_log_feature_change(int which, u32 old_feature, u32 new_feature | |||
688 | 689 | ||
689 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_FEATURE_CHANGE); | 690 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_FEATURE_CHANGE); |
690 | audit_log_task_info(ab, current); | 691 | audit_log_task_info(ab, current); |
691 | audit_log_format(ab, "feature=%s old=%d new=%d old_lock=%d new_lock=%d res=%d", | 692 | audit_log_format(ab, "feature=%s old=%u new=%u old_lock=%u new_lock=%u res=%d", |
692 | audit_feature_names[which], !!old_feature, !!new_feature, | 693 | audit_feature_names[which], !!old_feature, !!new_feature, |
693 | !!old_lock, !!new_lock, res); | 694 | !!old_lock, !!new_lock, res); |
694 | audit_log_end(ab); | 695 | audit_log_end(ab); |
@@ -1144,16 +1145,16 @@ __setup("audit=", audit_enable); | |||
1144 | * audit_backlog_limit=<n> */ | 1145 | * audit_backlog_limit=<n> */ |
1145 | static int __init audit_backlog_limit_set(char *str) | 1146 | static int __init audit_backlog_limit_set(char *str) |
1146 | { | 1147 | { |
1147 | long int audit_backlog_limit_arg; | 1148 | u32 audit_backlog_limit_arg; |
1148 | 1149 | ||
1149 | pr_info("audit_backlog_limit: "); | 1150 | pr_info("audit_backlog_limit: "); |
1150 | if (kstrtol(str, 0, &audit_backlog_limit_arg)) { | 1151 | if (kstrtouint(str, 0, &audit_backlog_limit_arg)) { |
1151 | pr_cont("using default of %d, unable to parse %s\n", | 1152 | pr_cont("using default of %u, unable to parse %s\n", |
1152 | audit_backlog_limit, str); | 1153 | audit_backlog_limit, str); |
1153 | return 1; | 1154 | return 1; |
1154 | } | 1155 | } |
1155 | if (audit_backlog_limit_arg >= 0) | 1156 | |
1156 | audit_backlog_limit = (int)audit_backlog_limit_arg; | 1157 | audit_backlog_limit = audit_backlog_limit_arg; |
1157 | pr_cont("%d\n", audit_backlog_limit); | 1158 | pr_cont("%d\n", audit_backlog_limit); |
1158 | 1159 | ||
1159 | return 1; | 1160 | return 1; |
diff --git a/kernel/audit.h b/kernel/audit.h index 0719b4547221..57cc64d67718 100644 --- a/kernel/audit.h +++ b/kernel/audit.h | |||
@@ -209,7 +209,7 @@ struct audit_context { | |||
209 | #endif | 209 | #endif |
210 | }; | 210 | }; |
211 | 211 | ||
212 | extern int audit_ever_enabled; | 212 | extern u32 audit_ever_enabled; |
213 | 213 | ||
214 | extern void audit_copy_inode(struct audit_names *name, | 214 | extern void audit_copy_inode(struct audit_names *name, |
215 | const struct dentry *dentry, | 215 | const struct dentry *dentry, |