1 files changed, 58 insertions, 84 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index ea3b7b6191c7..4d0ceede3319 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -61,6 +61,7 @@
 #include <linux/netlink.h>
 #include <linux/freezer.h>
 #include <linux/tty.h>
+#include <linux/pid_namespace.h>
 #include "audit.h"
@@ -87,11 +88,11 @@ static int	audit_failure = AUDIT_FAIL_PRINTK;
 /*
 * If audit records are to be written to the netlink socket, audit_pid
- * contains the pid of the auditd process and audit_nlk_pid contains
+ * contains the pid of the auditd process and audit_nlk_portid contains
- * the pid to use to send netlink messages to that process.
+ * the portid to use to send netlink messages to that process.
 */
 int             audit_pid;
-static int      audit_nlk_pid;
+static int      audit_nlk_portid;
 /* If audit_rate_limit is non-zero, limit the rate of sending audit records
 * to that number per second.  This prevents DoS attacks, but results in
@@ -104,7 +105,7 @@ static int	audit_backlog_wait_time = 60 * HZ;
 static int      audit_backlog_wait_overflow = 0;
 /* The identity of the user shutting down the audit system. */
-uid_t           audit_sig_uid = -1;
+kuid_t          audit_sig_uid = INVALID_UID;
 pid_t           audit_sig_pid = -1;
 u32             audit_sig_sid = 0;
@@ -264,7 +265,7 @@ void audit_log_lost(const char *message)
 }
 static int audit_log_config_change(char *function_name, int new, int old,
-                                   uid_t loginuid, u32 sessionid, u32 sid,
+                                   kuid_t loginuid, u32 sessionid, u32 sid,
                                   int allow_changes)
 {
        struct audit_buffer *ab;
@@ -272,7 +273,7 @@ static int audit_log_config_change(char *function_name, int new, int old,
        ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
        audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new,
-                         old, loginuid, sessionid);
+                         old, from_kuid(&init_user_ns, loginuid), sessionid);
        if (sid) {
                char *ctx = NULL;
                u32 len;
@@ -292,7 +293,7 @@ static int audit_log_config_change(char *function_name, int new, int old,
 }
 static int audit_do_config_change(char *function_name, int *to_change,
-                                  int new, uid_t loginuid, u32 sessionid,
+                                  int new, kuid_t loginuid, u32 sessionid,
                                  u32 sid)
 {
        int allow_changes, rc = 0, old = *to_change;
@@ -319,21 +320,21 @@ static int audit_do_config_change(char *function_name, int *to_change,
        return rc;
 }
-static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sessionid,
+static int audit_set_rate_limit(int limit, kuid_t loginuid, u32 sessionid,
                                u32 sid)
 {
        return audit_do_config_change("audit_rate_limit", &audit_rate_limit,
                                      limit, loginuid, sessionid, sid);
 }
-static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sessionid,
+static int audit_set_backlog_limit(int limit, kuid_t loginuid, u32 sessionid,
                                   u32 sid)
 {
        return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit,
                                      limit, loginuid, sessionid, sid);
 }
-static int audit_set_enabled(int state, uid_t loginuid, u32 sessionid, u32 sid)
+static int audit_set_enabled(int state, kuid_t loginuid, u32 sessionid, u32 sid)
 {
        int rc;
        if (state < AUDIT_OFF || state > AUDIT_LOCKED)
@@ -348,7 +349,7 @@ static int audit_set_enabled(int state, uid_t loginuid, u32 sessionid, u32 sid)
        return rc;
 }
-static int audit_set_failure(int state, uid_t loginuid, u32 sessionid, u32 sid)
+static int audit_set_failure(int state, kuid_t loginuid, u32 sessionid, u32 sid)
 {
        if (state != AUDIT_FAIL_SILENT
            && state != AUDIT_FAIL_PRINTK
@@ -401,7 +402,7 @@ static void kauditd_send_skb(struct sk_buff *skb)
        int err;
        /* take a reference in case we can't send it and we want to hold it */
        skb_get(skb);
-        err = netlink_unicast(audit_sock, skb, audit_nlk_pid, 0);
+        err = netlink_unicast(audit_sock, skb, audit_nlk_portid, 0);
        if (err < 0) {
                BUG_ON(err != -ECONNREFUSED); /* Shouldn't happen */
                printk(KERN_ERR "audit: *NO* daemon at audit_pid=%d\n", audit_pid);
@@ -467,24 +468,6 @@ static int kauditd_thread(void *dummy)
        return 0;
 }
-static int audit_prepare_user_tty(pid_t pid, uid_t loginuid, u32 sessionid)
-{
-        struct task_struct *tsk;
-        int err;
-        rcu_read_lock();
-        tsk = find_task_by_vpid(pid);
-        if (!tsk) {
-                rcu_read_unlock();
-                return -ESRCH;
-        }
-        get_task_struct(tsk);
-        rcu_read_unlock();
-        err = tty_audit_push_task(tsk, loginuid, sessionid);
-        put_task_struct(tsk);
-        return err;
-}
 int audit_send_list(void *_dest)
 {
        struct audit_netlink_list *dest = _dest;
@@ -588,6 +571,11 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
 {
        int err = 0;
+        /* Only support the initial namespaces for now. */
+        if ((current_user_ns() != &init_user_ns) ||
+            (task_active_pid_ns(current) != &init_pid_ns))
+                return -EPERM;
        switch (msg_type) {
        case AUDIT_GET:
        case AUDIT_LIST:
@@ -619,8 +607,7 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
 }
 static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
-                                     u32 pid, u32 uid, uid_t auid, u32 ses,
+                                     kuid_t auid, u32 ses, u32 sid)
-                                     u32 sid)
 {
        int rc = 0;
        char *ctx = NULL;
@@ -633,7 +620,9 @@ static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
        *ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
        audit_log_format(*ab, "pid=%d uid=%u auid=%u ses=%u",
-                         pid, uid, auid, ses);
+                         task_tgid_vnr(current),
+                         from_kuid(&init_user_ns, current_uid()),
+                         from_kuid(&init_user_ns, auid), ses);
        if (sid) {
                rc = security_secid_to_secctx(sid, &ctx, &len);
                if (rc)
@@ -649,13 +638,13 @@ static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
 static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 {
-        u32                     uid, pid, seq, sid;
+        u32                     seq, sid;
        void                    *data;
        struct audit_status     *status_get, status_set;
        int                     err;
        struct audit_buffer     *ab;
        u16                     msg_type = nlh->nlmsg_type;
-        uid_t                   loginuid; /* loginuid of sender */
+        kuid_t                  loginuid; /* loginuid of sender */
        u32                     sessionid;
        struct audit_sig_info   *sig_data;
        char                    *ctx = NULL;
@@ -675,8 +664,6 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                return err;
        }
-        pid  = NETLINK_CREDS(skb)->pid;
-        uid  = NETLINK_CREDS(skb)->uid;
        loginuid = audit_get_loginuid(current);
        sessionid = audit_get_sessionid(current);
        security_task_getsecid(current, &sid);
@@ -692,7 +679,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                status_set.backlog_limit = audit_backlog_limit;
                status_set.lost          = atomic_read(&audit_lost);
                status_set.backlog       = skb_queue_len(&audit_skb_queue);
-                audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_GET, 0, 0,
+                audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0,
                                 &status_set, sizeof(status_set));
                break;
        case AUDIT_SET:
@@ -720,7 +707,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                                                        sessionid, sid, 1);
                        audit_pid = new_pid;
-                        audit_nlk_pid = NETLINK_CB(skb).pid;
+                        audit_nlk_portid = NETLINK_CB(skb).portid;
                }
                if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) {
                        err = audit_set_rate_limit(status_get->rate_limit,
@@ -738,16 +725,16 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                if (!audit_enabled && msg_type != AUDIT_USER_AVC)
                        return 0;
-                err = audit_filter_user(&NETLINK_CB(skb));
+                err = audit_filter_user();
                if (err == 1) {
                        err = 0;
                        if (msg_type == AUDIT_USER_TTY) {
-                                err = audit_prepare_user_tty(pid, loginuid,
+                                err = tty_audit_push_task(current, loginuid,
                                                             sessionid);
                                if (err)
                                        break;
                        }
-                        audit_log_common_recv_msg(&ab, msg_type, pid, uid,
+                        audit_log_common_recv_msg(&ab, msg_type,
                                                  loginuid, sessionid, sid);
                        if (msg_type != AUDIT_USER_TTY)
@@ -763,7 +750,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                                        size--;
                                audit_log_n_untrustedstring(ab, data, size);
                        }
-                        audit_set_pid(ab, pid);
+                        audit_set_pid(ab, NETLINK_CB(skb).portid);
                        audit_log_end(ab);
                }
                break;
@@ -772,8 +759,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                if (nlmsg_len(nlh) < sizeof(struct audit_rule))
                        return -EINVAL;
                if (audit_enabled == AUDIT_LOCKED) {
-                        audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
+                        audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE,
-                                                  uid, loginuid, sessionid, sid);
+                                                  loginuid, sessionid, sid);
                        audit_log_format(ab, " audit_enabled=%d res=0",
                                         audit_enabled);
@@ -782,8 +769,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                }
                /* fallthrough */
        case AUDIT_LIST:
-                err = audit_receive_filter(msg_type, NETLINK_CB(skb).pid,
+                err = audit_receive_filter(msg_type, NETLINK_CB(skb).portid,
-                                           uid, seq, data, nlmsg_len(nlh),
+                                           seq, data, nlmsg_len(nlh),
                                           loginuid, sessionid, sid);
                break;
        case AUDIT_ADD_RULE:
@@ -791,8 +778,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                if (nlmsg_len(nlh) < sizeof(struct audit_rule_data))
                        return -EINVAL;
                if (audit_enabled == AUDIT_LOCKED) {
-                        audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
+                        audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE,
-                                                  uid, loginuid, sessionid, sid);
+                                                  loginuid, sessionid, sid);
                        audit_log_format(ab, " audit_enabled=%d res=0",
                                         audit_enabled);
@@ -801,15 +788,15 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                }
                /* fallthrough */
        case AUDIT_LIST_RULES:
-                err = audit_receive_filter(msg_type, NETLINK_CB(skb).pid,
+                err = audit_receive_filter(msg_type, NETLINK_CB(skb).portid,
-                                           uid, seq, data, nlmsg_len(nlh),
+                                           seq, data, nlmsg_len(nlh),
                                           loginuid, sessionid, sid);
                break;
        case AUDIT_TRIM:
                audit_trim_trees();
-                audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
+                audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE,
-                                          uid, loginuid, sessionid, sid);
+                                          loginuid, sessionid, sid);
                audit_log_format(ab, " op=trim res=1");
                audit_log_end(ab);
@@ -840,8 +827,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                /* OK, here comes... */
                err = audit_tag_tree(old, new);
-                audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
+                audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE,
-                                          uid, loginuid, sessionid, sid);
+                                          loginuid, sessionid, sid);
                audit_log_format(ab, " op=make_equiv old=");
                audit_log_untrustedstring(ab, old);
@@ -866,53 +853,41 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                                security_release_secctx(ctx, len);
                        return -ENOMEM;
                }
-                sig_data->uid = audit_sig_uid;
+                sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid);
                sig_data->pid = audit_sig_pid;
                if (audit_sig_sid) {
                        memcpy(sig_data->ctx, ctx, len);
                        security_release_secctx(ctx, len);
                }
-                audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_SIGNAL_INFO,
+                audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_SIGNAL_INFO,
                                0, 0, sig_data, sizeof(*sig_data) + len);
                kfree(sig_data);
                break;
        case AUDIT_TTY_GET: {
                struct audit_tty_status s;
-                struct task_struct *tsk;
+                struct task_struct *tsk = current;
-                unsigned long flags;
+                spin_lock_irq(&tsk->sighand->siglock);
-                rcu_read_lock();
+                s.enabled = tsk->signal->audit_tty != 0;
-                tsk = find_task_by_vpid(pid);
+                spin_unlock_irq(&tsk->sighand->siglock);
-                if (tsk && lock_task_sighand(tsk, &flags)) {
-                        s.enabled = tsk->signal->audit_tty != 0;
+                audit_send_reply(NETLINK_CB(skb).portid, seq,
-                        unlock_task_sighand(tsk, &flags);
+                                 AUDIT_TTY_GET, 0, 0, &s, sizeof(s));
-                } else
-                        err = -ESRCH;
-                rcu_read_unlock();
-                if (!err)
-                        audit_send_reply(NETLINK_CB(skb).pid, seq,
-                                         AUDIT_TTY_GET, 0, 0, &s, sizeof(s));
                break;
        }
        case AUDIT_TTY_SET: {
                struct audit_tty_status *s;
-                struct task_struct *tsk;
+                struct task_struct *tsk = current;
-                unsigned long flags;
                if (nlh->nlmsg_len < sizeof(struct audit_tty_status))
                        return -EINVAL;
                s = data;
                if (s->enabled != 0 && s->enabled != 1)
                        return -EINVAL;
-                rcu_read_lock();
-                tsk = find_task_by_vpid(pid);
+                spin_lock_irq(&tsk->sighand->siglock);
-                if (tsk && lock_task_sighand(tsk, &flags)) {
+                tsk->signal->audit_tty = s->enabled != 0;
-                        tsk->signal->audit_tty = s->enabled != 0;
+                spin_unlock_irq(&tsk->sighand->siglock);
-                        unlock_task_sighand(tsk, &flags);
-                } else
-                        err = -ESRCH;
-                rcu_read_unlock();
                break;
        }
        default:
@@ -971,8 +946,7 @@ static int __init audit_init(void)
        printk(KERN_INFO "audit: initializing netlink socket (%s)\n",
               audit_default ? "enabled" : "disabled");
-        audit_sock = netlink_kernel_create(&init_net, NETLINK_AUDIT,
+        audit_sock = netlink_kernel_create(&init_net, NETLINK_AUDIT, &cfg);
-                                           THIS_MODULE, &cfg);
        if (!audit_sock)
                audit_panic("cannot initialize netlink socket");
        else

diff --git a/kernel/audit.c b/kernel/audit.c index ea3b7b6191c7..4d0ceede3319 100644 --- a/kernel/audit.c +++ b/kernel/audit.c
@@ -61,6 +61,7 @@
61	#include <linux/netlink.h>	61	#include <linux/netlink.h>
62	#include <linux/freezer.h>	62	#include <linux/freezer.h>
63	#include <linux/tty.h>	63	#include <linux/tty.h>
		64	#include <linux/pid_namespace.h>
64		65
65	#include "audit.h"	66	#include "audit.h"
66		67
@@ -87,11 +88,11 @@ static int audit_failure = AUDIT_FAIL_PRINTK;
87		88
88	/*	89	/*
89	* If audit records are to be written to the netlink socket, audit_pid	90	* If audit records are to be written to the netlink socket, audit_pid
90	* contains the pid of the auditd process and audit_nlk_pid contains	91	* contains the pid of the auditd process and audit_nlk_portid contains
91	* the pid to use to send netlink messages to that process.	92	* the portid to use to send netlink messages to that process.
92	*/	93	*/
93	int audit_pid;	94	int audit_pid;
94	static int audit_nlk_pid;	95	static int audit_nlk_portid;
95		96
96	/* If audit_rate_limit is non-zero, limit the rate of sending audit records	97	/* If audit_rate_limit is non-zero, limit the rate of sending audit records
97	* to that number per second. This prevents DoS attacks, but results in	98	* to that number per second. This prevents DoS attacks, but results in
@@ -104,7 +105,7 @@ static int audit_backlog_wait_time = 60 * HZ;
104	static int audit_backlog_wait_overflow = 0;	105	static int audit_backlog_wait_overflow = 0;
105		106
106	/* The identity of the user shutting down the audit system. */	107	/* The identity of the user shutting down the audit system. */
107	uid_t audit_sig_uid = -1;	108	kuid_t audit_sig_uid = INVALID_UID;
108	pid_t audit_sig_pid = -1;	109	pid_t audit_sig_pid = -1;
109	u32 audit_sig_sid = 0;	110	u32 audit_sig_sid = 0;
110		111
@@ -264,7 +265,7 @@ void audit_log_lost(const char *message)
264	}	265	}
265		266
266	static int audit_log_config_change(char *function_name, int new, int old,	267	static int audit_log_config_change(char *function_name, int new, int old,
267	uid_t loginuid, u32 sessionid, u32 sid,	268	kuid_t loginuid, u32 sessionid, u32 sid,
268	int allow_changes)	269	int allow_changes)
269	{	270	{
270	struct audit_buffer *ab;	271	struct audit_buffer *ab;
@@ -272,7 +273,7 @@ static int audit_log_config_change(char *function_name, int new, int old,
272		273
273	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);	274	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
274	audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new,	275	audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new,
275	old, loginuid, sessionid);	276	old, from_kuid(&init_user_ns, loginuid), sessionid);
276	if (sid) {	277	if (sid) {
277	char *ctx = NULL;	278	char *ctx = NULL;
278	u32 len;	279	u32 len;
@@ -292,7 +293,7 @@ static int audit_log_config_change(char *function_name, int new, int old,
292	}	293	}
293		294
294	static int audit_do_config_change(char function_name, int to_change,	295	static int audit_do_config_change(char function_name, int to_change,
295	int new, uid_t loginuid, u32 sessionid,	296	int new, kuid_t loginuid, u32 sessionid,
296	u32 sid)	297	u32 sid)
297	{	298	{
298	int allow_changes, rc = 0, old = *to_change;	299	int allow_changes, rc = 0, old = *to_change;
@@ -319,21 +320,21 @@ static int audit_do_config_change(char function_name, int to_change,
319	return rc;	320	return rc;
320	}	321	}
321		322
322	static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sessionid,	323	static int audit_set_rate_limit(int limit, kuid_t loginuid, u32 sessionid,
323	u32 sid)	324	u32 sid)
324	{	325	{
325	return audit_do_config_change("audit_rate_limit", &audit_rate_limit,	326	return audit_do_config_change("audit_rate_limit", &audit_rate_limit,
326	limit, loginuid, sessionid, sid);	327	limit, loginuid, sessionid, sid);
327	}	328	}
328		329
329	static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sessionid,	330	static int audit_set_backlog_limit(int limit, kuid_t loginuid, u32 sessionid,
330	u32 sid)	331	u32 sid)
331	{	332	{
332	return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit,	333	return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit,
333	limit, loginuid, sessionid, sid);	334	limit, loginuid, sessionid, sid);
334	}	335	}
335		336
336	static int audit_set_enabled(int state, uid_t loginuid, u32 sessionid, u32 sid)	337	static int audit_set_enabled(int state, kuid_t loginuid, u32 sessionid, u32 sid)
337	{	338	{
338	int rc;	339	int rc;
339	if (state < AUDIT_OFF \|\| state > AUDIT_LOCKED)	340	if (state < AUDIT_OFF \|\| state > AUDIT_LOCKED)
@@ -348,7 +349,7 @@ static int audit_set_enabled(int state, uid_t loginuid, u32 sessionid, u32 sid)
348	return rc;	349	return rc;
349	}	350	}
350		351
351	static int audit_set_failure(int state, uid_t loginuid, u32 sessionid, u32 sid)	352	static int audit_set_failure(int state, kuid_t loginuid, u32 sessionid, u32 sid)
352	{	353	{
353	if (state != AUDIT_FAIL_SILENT	354	if (state != AUDIT_FAIL_SILENT
354	&& state != AUDIT_FAIL_PRINTK	355	&& state != AUDIT_FAIL_PRINTK
@@ -401,7 +402,7 @@ static void kauditd_send_skb(struct sk_buff *skb)
401	int err;	402	int err;
402	/* take a reference in case we can't send it and we want to hold it */	403	/* take a reference in case we can't send it and we want to hold it */
403	skb_get(skb);	404	skb_get(skb);
404	err = netlink_unicast(audit_sock, skb, audit_nlk_pid, 0);	405	err = netlink_unicast(audit_sock, skb, audit_nlk_portid, 0);
405	if (err < 0) {	406	if (err < 0) {
406	BUG_ON(err != -ECONNREFUSED); /* Shouldn't happen */	407	BUG_ON(err != -ECONNREFUSED); /* Shouldn't happen */
407	printk(KERN_ERR "audit: NO daemon at audit_pid=%d\n", audit_pid);	408	printk(KERN_ERR "audit: NO daemon at audit_pid=%d\n", audit_pid);
@@ -467,24 +468,6 @@ static int kauditd_thread(void *dummy)
467	return 0;	468	return 0;
468	}	469	}
469		470
470	static int audit_prepare_user_tty(pid_t pid, uid_t loginuid, u32 sessionid)
471	{
472	struct task_struct *tsk;
473	int err;
474
475	rcu_read_lock();
476	tsk = find_task_by_vpid(pid);
477	if (!tsk) {
478	rcu_read_unlock();
479	return -ESRCH;
480	}
481	get_task_struct(tsk);
482	rcu_read_unlock();
483	err = tty_audit_push_task(tsk, loginuid, sessionid);
484	put_task_struct(tsk);
485	return err;
486	}
487
488	int audit_send_list(void *_dest)	471	int audit_send_list(void *_dest)
489	{	472	{
490	struct audit_netlink_list *dest = _dest;	473	struct audit_netlink_list *dest = _dest;
@@ -588,6 +571,11 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
588	{	571	{
589	int err = 0;	572	int err = 0;
590		573
		574	/* Only support the initial namespaces for now. */
		575	if ((current_user_ns() != &init_user_ns) \|\|
		576	(task_active_pid_ns(current) != &init_pid_ns))
		577	return -EPERM;
		578
591	switch (msg_type) {	579	switch (msg_type) {
592	case AUDIT_GET:	580	case AUDIT_GET:
593	case AUDIT_LIST:	581	case AUDIT_LIST:
@@ -619,8 +607,7 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
619	}	607	}
620		608
621	static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,	609	static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
622	u32 pid, u32 uid, uid_t auid, u32 ses,	610	kuid_t auid, u32 ses, u32 sid)
623	u32 sid)
624	{	611	{
625	int rc = 0;	612	int rc = 0;
626	char *ctx = NULL;	613	char *ctx = NULL;
@@ -633,7 +620,9 @@ static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
633		620
634	*ab = audit_log_start(NULL, GFP_KERNEL, msg_type);	621	*ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
635	audit_log_format(*ab, "pid=%d uid=%u auid=%u ses=%u",	622	audit_log_format(*ab, "pid=%d uid=%u auid=%u ses=%u",
636	pid, uid, auid, ses);	623	task_tgid_vnr(current),
		624	from_kuid(&init_user_ns, current_uid()),
		625	from_kuid(&init_user_ns, auid), ses);
637	if (sid) {	626	if (sid) {
638	rc = security_secid_to_secctx(sid, &ctx, &len);	627	rc = security_secid_to_secctx(sid, &ctx, &len);
639	if (rc)	628	if (rc)
@@ -649,13 +638,13 @@ static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
649		638
650	static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)	639	static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
651	{	640	{
652	u32 uid, pid, seq, sid;	641	u32 seq, sid;
653	void *data;	642	void *data;
654	struct audit_status *status_get, status_set;	643	struct audit_status *status_get, status_set;
655	int err;	644	int err;
656	struct audit_buffer *ab;	645	struct audit_buffer *ab;
657	u16 msg_type = nlh->nlmsg_type;	646	u16 msg_type = nlh->nlmsg_type;
658	uid_t loginuid; /* loginuid of sender */	647	kuid_t loginuid; /* loginuid of sender */
659	u32 sessionid;	648	u32 sessionid;
660	struct audit_sig_info *sig_data;	649	struct audit_sig_info *sig_data;
661	char *ctx = NULL;	650	char *ctx = NULL;
@@ -675,8 +664,6 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
675	return err;	664	return err;
676	}	665	}
677		666
678	pid = NETLINK_CREDS(skb)->pid;
679	uid = NETLINK_CREDS(skb)->uid;
680	loginuid = audit_get_loginuid(current);	667	loginuid = audit_get_loginuid(current);
681	sessionid = audit_get_sessionid(current);	668	sessionid = audit_get_sessionid(current);
682	security_task_getsecid(current, &sid);	669	security_task_getsecid(current, &sid);
@@ -692,7 +679,7 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
692	status_set.backlog_limit = audit_backlog_limit;	679	status_set.backlog_limit = audit_backlog_limit;
693	status_set.lost = atomic_read(&audit_lost);	680	status_set.lost = atomic_read(&audit_lost);
694	status_set.backlog = skb_queue_len(&audit_skb_queue);	681	status_set.backlog = skb_queue_len(&audit_skb_queue);
695	audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_GET, 0, 0,	682	audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0,
696	&status_set, sizeof(status_set));	683	&status_set, sizeof(status_set));
697	break;	684	break;
698	case AUDIT_SET:	685	case AUDIT_SET:
@@ -720,7 +707,7 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
720	sessionid, sid, 1);	707	sessionid, sid, 1);
721		708
722	audit_pid = new_pid;	709	audit_pid = new_pid;
723	audit_nlk_pid = NETLINK_CB(skb).pid;	710	audit_nlk_portid = NETLINK_CB(skb).portid;
724	}	711	}
725	if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) {	712	if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) {
726	err = audit_set_rate_limit(status_get->rate_limit,	713	err = audit_set_rate_limit(status_get->rate_limit,
@@ -738,16 +725,16 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
738	if (!audit_enabled && msg_type != AUDIT_USER_AVC)	725	if (!audit_enabled && msg_type != AUDIT_USER_AVC)
739	return 0;	726	return 0;
740		727
741	err = audit_filter_user(&NETLINK_CB(skb));	728	err = audit_filter_user();
742	if (err == 1) {	729	if (err == 1) {
743	err = 0;	730	err = 0;
744	if (msg_type == AUDIT_USER_TTY) {	731	if (msg_type == AUDIT_USER_TTY) {
745	err = audit_prepare_user_tty(pid, loginuid,	732	err = tty_audit_push_task(current, loginuid,
746	sessionid);	733	sessionid);
747	if (err)	734	if (err)
748	break;	735	break;
749	}	736	}
750	audit_log_common_recv_msg(&ab, msg_type, pid, uid,	737	audit_log_common_recv_msg(&ab, msg_type,
751	loginuid, sessionid, sid);	738	loginuid, sessionid, sid);
752		739
753	if (msg_type != AUDIT_USER_TTY)	740	if (msg_type != AUDIT_USER_TTY)
@@ -763,7 +750,7 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
763	size--;	750	size--;
764	audit_log_n_untrustedstring(ab, data, size);	751	audit_log_n_untrustedstring(ab, data, size);
765	}	752	}
766	audit_set_pid(ab, pid);	753	audit_set_pid(ab, NETLINK_CB(skb).portid);
767	audit_log_end(ab);	754	audit_log_end(ab);
768	}	755	}
769	break;	756	break;
@@ -772,8 +759,8 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
772	if (nlmsg_len(nlh) < sizeof(struct audit_rule))	759	if (nlmsg_len(nlh) < sizeof(struct audit_rule))
773	return -EINVAL;	760	return -EINVAL;
774	if (audit_enabled == AUDIT_LOCKED) {	761	if (audit_enabled == AUDIT_LOCKED) {
775	audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,	762	audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE,
776	uid, loginuid, sessionid, sid);	763	loginuid, sessionid, sid);
777		764
778	audit_log_format(ab, " audit_enabled=%d res=0",	765	audit_log_format(ab, " audit_enabled=%d res=0",
779	audit_enabled);	766	audit_enabled);
@@ -782,8 +769,8 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
782	}	769	}
783	/* fallthrough */	770	/* fallthrough */
784	case AUDIT_LIST:	771	case AUDIT_LIST:
785	err = audit_receive_filter(msg_type, NETLINK_CB(skb).pid,	772	err = audit_receive_filter(msg_type, NETLINK_CB(skb).portid,
786	uid, seq, data, nlmsg_len(nlh),	773	seq, data, nlmsg_len(nlh),
787	loginuid, sessionid, sid);	774	loginuid, sessionid, sid);
788	break;	775	break;
789	case AUDIT_ADD_RULE:	776	case AUDIT_ADD_RULE:
@@ -791,8 +778,8 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
791	if (nlmsg_len(nlh) < sizeof(struct audit_rule_data))	778	if (nlmsg_len(nlh) < sizeof(struct audit_rule_data))
792	return -EINVAL;	779	return -EINVAL;
793	if (audit_enabled == AUDIT_LOCKED) {	780	if (audit_enabled == AUDIT_LOCKED) {
794	audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,	781	audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE,
795	uid, loginuid, sessionid, sid);	782	loginuid, sessionid, sid);
796		783
797	audit_log_format(ab, " audit_enabled=%d res=0",	784	audit_log_format(ab, " audit_enabled=%d res=0",
798	audit_enabled);	785	audit_enabled);
@@ -801,15 +788,15 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
801	}	788	}
802	/* fallthrough */	789	/* fallthrough */
803	case AUDIT_LIST_RULES:	790	case AUDIT_LIST_RULES:
804	err = audit_receive_filter(msg_type, NETLINK_CB(skb).pid,	791	err = audit_receive_filter(msg_type, NETLINK_CB(skb).portid,
805	uid, seq, data, nlmsg_len(nlh),	792	seq, data, nlmsg_len(nlh),
806	loginuid, sessionid, sid);	793	loginuid, sessionid, sid);
807	break;	794	break;
808	case AUDIT_TRIM:	795	case AUDIT_TRIM:
809	audit_trim_trees();	796	audit_trim_trees();
810		797
811	audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,	798	audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE,
812	uid, loginuid, sessionid, sid);	799	loginuid, sessionid, sid);
813		800
814	audit_log_format(ab, " op=trim res=1");	801	audit_log_format(ab, " op=trim res=1");
815	audit_log_end(ab);	802	audit_log_end(ab);
@@ -840,8 +827,8 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
840	/* OK, here comes... */	827	/* OK, here comes... */
841	err = audit_tag_tree(old, new);	828	err = audit_tag_tree(old, new);
842		829
843	audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,	830	audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE,
844	uid, loginuid, sessionid, sid);	831	loginuid, sessionid, sid);
845		832
846	audit_log_format(ab, " op=make_equiv old=");	833	audit_log_format(ab, " op=make_equiv old=");
847	audit_log_untrustedstring(ab, old);	834	audit_log_untrustedstring(ab, old);
@@ -866,53 +853,41 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
866	security_release_secctx(ctx, len);	853	security_release_secctx(ctx, len);
867	return -ENOMEM;	854	return -ENOMEM;
868	}	855	}
869	sig_data->uid = audit_sig_uid;	856	sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid);
870	sig_data->pid = audit_sig_pid;	857	sig_data->pid = audit_sig_pid;
871	if (audit_sig_sid) {	858	if (audit_sig_sid) {
872	memcpy(sig_data->ctx, ctx, len);	859	memcpy(sig_data->ctx, ctx, len);
873	security_release_secctx(ctx, len);	860	security_release_secctx(ctx, len);
874	}	861	}
875	audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_SIGNAL_INFO,	862	audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_SIGNAL_INFO,
876	0, 0, sig_data, sizeof(*sig_data) + len);	863	0, 0, sig_data, sizeof(*sig_data) + len);
877	kfree(sig_data);	864	kfree(sig_data);
878	break;	865	break;
879	case AUDIT_TTY_GET: {	866	case AUDIT_TTY_GET: {
880	struct audit_tty_status s;	867	struct audit_tty_status s;
881	struct task_struct *tsk;	868	struct task_struct *tsk = current;
882	unsigned long flags;	869
883		870	spin_lock_irq(&tsk->sighand->siglock);
884	rcu_read_lock();	871	s.enabled = tsk->signal->audit_tty != 0;
885	tsk = find_task_by_vpid(pid);	872	spin_unlock_irq(&tsk->sighand->siglock);
886	if (tsk && lock_task_sighand(tsk, &flags)) {	873
887	s.enabled = tsk->signal->audit_tty != 0;	874	audit_send_reply(NETLINK_CB(skb).portid, seq,
888	unlock_task_sighand(tsk, &flags);	875	AUDIT_TTY_GET, 0, 0, &s, sizeof(s));
889	} else
890	err = -ESRCH;
891	rcu_read_unlock();
892
893	if (!err)
894	audit_send_reply(NETLINK_CB(skb).pid, seq,
895	AUDIT_TTY_GET, 0, 0, &s, sizeof(s));
896	break;	876	break;
897	}	877	}
898	case AUDIT_TTY_SET: {	878	case AUDIT_TTY_SET: {
899	struct audit_tty_status *s;	879	struct audit_tty_status *s;
900	struct task_struct *tsk;	880	struct task_struct *tsk = current;
901	unsigned long flags;
902		881
903	if (nlh->nlmsg_len < sizeof(struct audit_tty_status))	882	if (nlh->nlmsg_len < sizeof(struct audit_tty_status))
904	return -EINVAL;	883	return -EINVAL;
905	s = data;	884	s = data;
906	if (s->enabled != 0 && s->enabled != 1)	885	if (s->enabled != 0 && s->enabled != 1)
907	return -EINVAL;	886	return -EINVAL;
908	rcu_read_lock();	887
909	tsk = find_task_by_vpid(pid);	888	spin_lock_irq(&tsk->sighand->siglock);
910	if (tsk && lock_task_sighand(tsk, &flags)) {	889	tsk->signal->audit_tty = s->enabled != 0;
911	tsk->signal->audit_tty = s->enabled != 0;	890	spin_unlock_irq(&tsk->sighand->siglock);
912	unlock_task_sighand(tsk, &flags);
913	} else
914	err = -ESRCH;
915	rcu_read_unlock();
916	break;	891	break;
917	}	892	}
918	default:	893	default:
@@ -971,8 +946,7 @@ static int __init audit_init(void)
971		946
972	printk(KERN_INFO "audit: initializing netlink socket (%s)\n",	947	printk(KERN_INFO "audit: initializing netlink socket (%s)\n",
973	audit_default ? "enabled" : "disabled");	948	audit_default ? "enabled" : "disabled");
974	audit_sock = netlink_kernel_create(&init_net, NETLINK_AUDIT,	949	audit_sock = netlink_kernel_create(&init_net, NETLINK_AUDIT, &cfg);
975	THIS_MODULE, &cfg);
976	if (!audit_sock)	950	if (!audit_sock)
977	audit_panic("cannot initialize netlink socket");	951	audit_panic("cannot initialize netlink socket");
978	else	952	else