diff options
Diffstat (limited to 'kernel/audit.c')
| -rw-r--r-- | kernel/audit.c | 47 |
1 files changed, 30 insertions, 17 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 72ab759a0b43..ab5745ddf962 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
| @@ -43,6 +43,7 @@ | |||
| 43 | 43 | ||
| 44 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt | 44 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
| 45 | 45 | ||
| 46 | #include <linux/file.h> | ||
| 46 | #include <linux/init.h> | 47 | #include <linux/init.h> |
| 47 | #include <linux/types.h> | 48 | #include <linux/types.h> |
| 48 | #include <linux/atomic.h> | 49 | #include <linux/atomic.h> |
| @@ -107,6 +108,7 @@ static u32 audit_rate_limit; | |||
| 107 | * When set to zero, this means unlimited. */ | 108 | * When set to zero, this means unlimited. */ |
| 108 | static u32 audit_backlog_limit = 64; | 109 | static u32 audit_backlog_limit = 64; |
| 109 | #define AUDIT_BACKLOG_WAIT_TIME (60 * HZ) | 110 | #define AUDIT_BACKLOG_WAIT_TIME (60 * HZ) |
| 111 | static u32 audit_backlog_wait_time_master = AUDIT_BACKLOG_WAIT_TIME; | ||
| 110 | static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; | 112 | static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; |
| 111 | static u32 audit_backlog_wait_overflow = 0; | 113 | static u32 audit_backlog_wait_overflow = 0; |
| 112 | 114 | ||
| @@ -338,13 +340,13 @@ static int audit_set_backlog_limit(u32 limit) | |||
| 338 | static int audit_set_backlog_wait_time(u32 timeout) | 340 | static int audit_set_backlog_wait_time(u32 timeout) |
| 339 | { | 341 | { |
| 340 | return audit_do_config_change("audit_backlog_wait_time", | 342 | return audit_do_config_change("audit_backlog_wait_time", |
| 341 | &audit_backlog_wait_time, timeout); | 343 | &audit_backlog_wait_time_master, timeout); |
| 342 | } | 344 | } |
| 343 | 345 | ||
| 344 | static int audit_set_enabled(u32 state) | 346 | static int audit_set_enabled(u32 state) |
| 345 | { | 347 | { |
| 346 | int rc; | 348 | int rc; |
| 347 | if (state < AUDIT_OFF || state > AUDIT_LOCKED) | 349 | if (state > AUDIT_LOCKED) |
| 348 | return -EINVAL; | 350 | return -EINVAL; |
| 349 | 351 | ||
| 350 | rc = audit_do_config_change("audit_enabled", &audit_enabled, state); | 352 | rc = audit_do_config_change("audit_enabled", &audit_enabled, state); |
| @@ -663,7 +665,7 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type) | |||
| 663 | case AUDIT_MAKE_EQUIV: | 665 | case AUDIT_MAKE_EQUIV: |
| 664 | /* Only support auditd and auditctl in initial pid namespace | 666 | /* Only support auditd and auditctl in initial pid namespace |
| 665 | * for now. */ | 667 | * for now. */ |
| 666 | if ((task_active_pid_ns(current) != &init_pid_ns)) | 668 | if (task_active_pid_ns(current) != &init_pid_ns) |
| 667 | return -EPERM; | 669 | return -EPERM; |
| 668 | 670 | ||
| 669 | if (!netlink_capable(skb, CAP_AUDIT_CONTROL)) | 671 | if (!netlink_capable(skb, CAP_AUDIT_CONTROL)) |
| @@ -834,7 +836,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 834 | s.lost = atomic_read(&audit_lost); | 836 | s.lost = atomic_read(&audit_lost); |
| 835 | s.backlog = skb_queue_len(&audit_skb_queue); | 837 | s.backlog = skb_queue_len(&audit_skb_queue); |
| 836 | s.feature_bitmap = AUDIT_FEATURE_BITMAP_ALL; | 838 | s.feature_bitmap = AUDIT_FEATURE_BITMAP_ALL; |
| 837 | s.backlog_wait_time = audit_backlog_wait_time; | 839 | s.backlog_wait_time = audit_backlog_wait_time_master; |
| 838 | audit_send_reply(skb, seq, AUDIT_GET, 0, 0, &s, sizeof(s)); | 840 | audit_send_reply(skb, seq, AUDIT_GET, 0, 0, &s, sizeof(s)); |
| 839 | break; | 841 | break; |
| 840 | } | 842 | } |
| @@ -877,8 +879,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 877 | if (s.mask & AUDIT_STATUS_BACKLOG_WAIT_TIME) { | 879 | if (s.mask & AUDIT_STATUS_BACKLOG_WAIT_TIME) { |
| 878 | if (sizeof(s) > (size_t)nlh->nlmsg_len) | 880 | if (sizeof(s) > (size_t)nlh->nlmsg_len) |
| 879 | return -EINVAL; | 881 | return -EINVAL; |
| 880 | if (s.backlog_wait_time < 0 || | 882 | if (s.backlog_wait_time > 10*AUDIT_BACKLOG_WAIT_TIME) |
| 881 | s.backlog_wait_time > 10*AUDIT_BACKLOG_WAIT_TIME) | ||
| 882 | return -EINVAL; | 883 | return -EINVAL; |
| 883 | err = audit_set_backlog_wait_time(s.backlog_wait_time); | 884 | err = audit_set_backlog_wait_time(s.backlog_wait_time); |
| 884 | if (err < 0) | 885 | if (err < 0) |
| @@ -1385,7 +1386,8 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, | |||
| 1385 | return NULL; | 1386 | return NULL; |
| 1386 | } | 1387 | } |
| 1387 | 1388 | ||
| 1388 | audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; | 1389 | if (!reserve) |
| 1390 | audit_backlog_wait_time = audit_backlog_wait_time_master; | ||
| 1389 | 1391 | ||
| 1390 | ab = audit_buffer_alloc(ctx, gfp_mask, type); | 1392 | ab = audit_buffer_alloc(ctx, gfp_mask, type); |
| 1391 | if (!ab) { | 1393 | if (!ab) { |
| @@ -1759,7 +1761,7 @@ void audit_log_name(struct audit_context *context, struct audit_names *n, | |||
| 1759 | } else | 1761 | } else |
| 1760 | audit_log_format(ab, " name=(null)"); | 1762 | audit_log_format(ab, " name=(null)"); |
| 1761 | 1763 | ||
| 1762 | if (n->ino != (unsigned long)-1) { | 1764 | if (n->ino != (unsigned long)-1) |
| 1763 | audit_log_format(ab, " inode=%lu" | 1765 | audit_log_format(ab, " inode=%lu" |
| 1764 | " dev=%02x:%02x mode=%#ho" | 1766 | " dev=%02x:%02x mode=%#ho" |
| 1765 | " ouid=%u ogid=%u rdev=%02x:%02x", | 1767 | " ouid=%u ogid=%u rdev=%02x:%02x", |
| @@ -1771,7 +1773,6 @@ void audit_log_name(struct audit_context *context, struct audit_names *n, | |||
| 1771 | from_kgid(&init_user_ns, n->gid), | 1773 | from_kgid(&init_user_ns, n->gid), |
| 1772 | MAJOR(n->rdev), | 1774 | MAJOR(n->rdev), |
| 1773 | MINOR(n->rdev)); | 1775 | MINOR(n->rdev)); |
| 1774 | } | ||
| 1775 | if (n->osid != 0) { | 1776 | if (n->osid != 0) { |
| 1776 | char *ctx = NULL; | 1777 | char *ctx = NULL; |
| 1777 | u32 len; | 1778 | u32 len; |
| @@ -1838,11 +1839,29 @@ error_path: | |||
| 1838 | } | 1839 | } |
| 1839 | EXPORT_SYMBOL(audit_log_task_context); | 1840 | EXPORT_SYMBOL(audit_log_task_context); |
| 1840 | 1841 | ||
| 1842 | void audit_log_d_path_exe(struct audit_buffer *ab, | ||
| 1843 | struct mm_struct *mm) | ||
| 1844 | { | ||
| 1845 | struct file *exe_file; | ||
| 1846 | |||
| 1847 | if (!mm) | ||
| 1848 | goto out_null; | ||
| 1849 | |||
| 1850 | exe_file = get_mm_exe_file(mm); | ||
| 1851 | if (!exe_file) | ||
| 1852 | goto out_null; | ||
| 1853 | |||
| 1854 | audit_log_d_path(ab, " exe=", &exe_file->f_path); | ||
| 1855 | fput(exe_file); | ||
| 1856 | return; | ||
| 1857 | out_null: | ||
| 1858 | audit_log_format(ab, " exe=(null)"); | ||
| 1859 | } | ||
| 1860 | |||
| 1841 | void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) | 1861 | void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) |
| 1842 | { | 1862 | { |
| 1843 | const struct cred *cred; | 1863 | const struct cred *cred; |
| 1844 | char comm[sizeof(tsk->comm)]; | 1864 | char comm[sizeof(tsk->comm)]; |
| 1845 | struct mm_struct *mm = tsk->mm; | ||
| 1846 | char *tty; | 1865 | char *tty; |
| 1847 | 1866 | ||
| 1848 | if (!ab) | 1867 | if (!ab) |
| @@ -1878,13 +1897,7 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) | |||
| 1878 | audit_log_format(ab, " comm="); | 1897 | audit_log_format(ab, " comm="); |
| 1879 | audit_log_untrustedstring(ab, get_task_comm(comm, tsk)); | 1898 | audit_log_untrustedstring(ab, get_task_comm(comm, tsk)); |
| 1880 | 1899 | ||
| 1881 | if (mm) { | 1900 | audit_log_d_path_exe(ab, tsk->mm); |
| 1882 | down_read(&mm->mmap_sem); | ||
| 1883 | if (mm->exe_file) | ||
| 1884 | audit_log_d_path(ab, " exe=", &mm->exe_file->f_path); | ||
| 1885 | up_read(&mm->mmap_sem); | ||
| 1886 | } else | ||
| 1887 | audit_log_format(ab, " exe=(null)"); | ||
| 1888 | audit_log_task_context(ab); | 1901 | audit_log_task_context(ab); |
| 1889 | } | 1902 | } |
| 1890 | EXPORT_SYMBOL(audit_log_task_info); | 1903 | EXPORT_SYMBOL(audit_log_task_info); |