aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
Diffstat (limited to 'kernel')
-rw-r--r--kernel/audit.c46
-rw-r--r--kernel/auditsc.c5
2 files changed, 29 insertions, 22 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 58c7d7e47299..587d3b2eba7f 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -239,36 +239,36 @@ void audit_log_lost(const char *message)
239 239
240} 240}
241 241
242static int audit_set_rate_limit(int limit) 242static int audit_set_rate_limit(int limit, uid_t loginuid)
243{ 243{
244 int old = audit_rate_limit; 244 int old = audit_rate_limit;
245 audit_rate_limit = limit; 245 audit_rate_limit = limit;
246 audit_log(current->audit_context, "audit_rate_limit=%d old=%d", 246 audit_log(NULL, "audit_rate_limit=%d old=%d by auid %u",
247 audit_rate_limit, old); 247 audit_rate_limit, old, loginuid);
248 return old; 248 return old;
249} 249}
250 250
251static int audit_set_backlog_limit(int limit) 251static int audit_set_backlog_limit(int limit, uid_t loginuid)
252{ 252{
253 int old = audit_backlog_limit; 253 int old = audit_backlog_limit;
254 audit_backlog_limit = limit; 254 audit_backlog_limit = limit;
255 audit_log(current->audit_context, "audit_backlog_limit=%d old=%d", 255 audit_log(NULL, "audit_backlog_limit=%d old=%d by auid %u",
256 audit_backlog_limit, old); 256 audit_backlog_limit, old, loginuid);
257 return old; 257 return old;
258} 258}
259 259
260static int audit_set_enabled(int state) 260static int audit_set_enabled(int state, uid_t loginuid)
261{ 261{
262 int old = audit_enabled; 262 int old = audit_enabled;
263 if (state != 0 && state != 1) 263 if (state != 0 && state != 1)
264 return -EINVAL; 264 return -EINVAL;
265 audit_enabled = state; 265 audit_enabled = state;
266 audit_log(current->audit_context, "audit_enabled=%d old=%d", 266 audit_log(NULL, "audit_enabled=%d old=%d by auid %u",
267 audit_enabled, old); 267 audit_enabled, old, loginuid);
268 return old; 268 return old;
269} 269}
270 270
271static int audit_set_failure(int state) 271static int audit_set_failure(int state, uid_t loginuid)
272{ 272{
273 int old = audit_failure; 273 int old = audit_failure;
274 if (state != AUDIT_FAIL_SILENT 274 if (state != AUDIT_FAIL_SILENT
@@ -276,8 +276,8 @@ static int audit_set_failure(int state)
276 && state != AUDIT_FAIL_PANIC) 276 && state != AUDIT_FAIL_PANIC)
277 return -EINVAL; 277 return -EINVAL;
278 audit_failure = state; 278 audit_failure = state;
279 audit_log(current->audit_context, "audit_failure=%d old=%d", 279 audit_log(NULL, "audit_failure=%d old=%d by auid %u",
280 audit_failure, old); 280 audit_failure, old, loginuid);
281 return old; 281 return old;
282} 282}
283 283
@@ -344,6 +344,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
344 int err; 344 int err;
345 struct audit_buffer *ab; 345 struct audit_buffer *ab;
346 u16 msg_type = nlh->nlmsg_type; 346 u16 msg_type = nlh->nlmsg_type;
347 uid_t loginuid; /* loginuid of sender */
347 348
348 err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type); 349 err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type);
349 if (err) 350 if (err)
@@ -351,6 +352,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
351 352
352 pid = NETLINK_CREDS(skb)->pid; 353 pid = NETLINK_CREDS(skb)->pid;
353 uid = NETLINK_CREDS(skb)->uid; 354 uid = NETLINK_CREDS(skb)->uid;
355 loginuid = NETLINK_CB(skb).loginuid;
354 seq = nlh->nlmsg_seq; 356 seq = nlh->nlmsg_seq;
355 data = NLMSG_DATA(nlh); 357 data = NLMSG_DATA(nlh);
356 358
@@ -371,34 +373,36 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
371 return -EINVAL; 373 return -EINVAL;
372 status_get = (struct audit_status *)data; 374 status_get = (struct audit_status *)data;
373 if (status_get->mask & AUDIT_STATUS_ENABLED) { 375 if (status_get->mask & AUDIT_STATUS_ENABLED) {
374 err = audit_set_enabled(status_get->enabled); 376 err = audit_set_enabled(status_get->enabled, loginuid);
375 if (err < 0) return err; 377 if (err < 0) return err;
376 } 378 }
377 if (status_get->mask & AUDIT_STATUS_FAILURE) { 379 if (status_get->mask & AUDIT_STATUS_FAILURE) {
378 err = audit_set_failure(status_get->failure); 380 err = audit_set_failure(status_get->failure, loginuid);
379 if (err < 0) return err; 381 if (err < 0) return err;
380 } 382 }
381 if (status_get->mask & AUDIT_STATUS_PID) { 383 if (status_get->mask & AUDIT_STATUS_PID) {
382 int old = audit_pid; 384 int old = audit_pid;
383 audit_pid = status_get->pid; 385 audit_pid = status_get->pid;
384 audit_log(current->audit_context, 386 audit_log(NULL, "audit_pid=%d old=%d by auid %u",
385 "audit_pid=%d old=%d", audit_pid, old); 387 audit_pid, old, loginuid);
386 } 388 }
387 if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) 389 if (status_get->mask & AUDIT_STATUS_RATE_LIMIT)
388 audit_set_rate_limit(status_get->rate_limit); 390 audit_set_rate_limit(status_get->rate_limit, loginuid);
389 if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) 391 if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT)
390 audit_set_backlog_limit(status_get->backlog_limit); 392 audit_set_backlog_limit(status_get->backlog_limit,
393 loginuid);
391 break; 394 break;
392 case AUDIT_USER: 395 case AUDIT_USER:
393 ab = audit_log_start(NULL); 396 ab = audit_log_start(NULL);
394 if (!ab) 397 if (!ab)
395 break; /* audit_panic has been called */ 398 break; /* audit_panic has been called */
396 audit_log_format(ab, 399 audit_log_format(ab,
397 "user pid=%d uid=%d length=%d msg='%.1024s'", 400 "user pid=%d uid=%d length=%d loginuid=%u"
401 " msg='%.1024s'",
398 pid, uid, 402 pid, uid,
399 (int)(nlh->nlmsg_len 403 (int)(nlh->nlmsg_len
400 - ((char *)data - (char *)nlh)), 404 - ((char *)data - (char *)nlh)),
401 (char *)data); 405 loginuid, (char *)data);
402 ab->type = AUDIT_USER; 406 ab->type = AUDIT_USER;
403 ab->pid = pid; 407 ab->pid = pid;
404 audit_log_end(ab); 408 audit_log_end(ab);
@@ -411,7 +415,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
411 case AUDIT_LIST: 415 case AUDIT_LIST:
412#ifdef CONFIG_AUDITSYSCALL 416#ifdef CONFIG_AUDITSYSCALL
413 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, 417 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
414 uid, seq, data); 418 uid, seq, data, loginuid);
415#else 419#else
416 err = -EOPNOTSUPP; 420 err = -EOPNOTSUPP;
417#endif 421#endif
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 9ff2c1b1033e..66148f81d783 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -251,7 +251,8 @@ static int audit_copy_rule(struct audit_rule *d, struct audit_rule *s)
251 return 0; 251 return 0;
252} 252}
253 253
254int audit_receive_filter(int type, int pid, int uid, int seq, void *data) 254int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
255 uid_t loginuid)
255{ 256{
256 u32 flags; 257 u32 flags;
257 struct audit_entry *entry; 258 struct audit_entry *entry;
@@ -286,6 +287,7 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data)
286 err = audit_add_rule(entry, &audit_entlist); 287 err = audit_add_rule(entry, &audit_entlist);
287 if (!err && (flags & AUDIT_AT_EXIT)) 288 if (!err && (flags & AUDIT_AT_EXIT))
288 err = audit_add_rule(entry, &audit_extlist); 289 err = audit_add_rule(entry, &audit_extlist);
290 audit_log(NULL, "auid %u added an audit rule\n", loginuid);
289 break; 291 break;
290 case AUDIT_DEL: 292 case AUDIT_DEL:
291 flags =((struct audit_rule *)data)->flags; 293 flags =((struct audit_rule *)data)->flags;
@@ -295,6 +297,7 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data)
295 err = audit_del_rule(data, &audit_entlist); 297 err = audit_del_rule(data, &audit_entlist);
296 if (!err && (flags & AUDIT_AT_EXIT)) 298 if (!err && (flags & AUDIT_AT_EXIT))
297 err = audit_del_rule(data, &audit_extlist); 299 err = audit_del_rule(data, &audit_extlist);
300 audit_log(NULL, "auid %u removed an audit rule\n", loginuid);
298 break; 301 break;
299 default: 302 default:
300 return -EINVAL; 303 return -EINVAL;