Merge branch 'audit.b59' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* 'audit.b59' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: [PATCH] fix broken timestamps in AVC generated by kernel threads [patch 1/1] audit: remove excess kernel-doc [PATCH] asm/generic: fix bug - kernel fails to build when enable some common audit code on Blackfin [PATCH] return records for fork() both to child and parent [PATCH] Audit: make audit=0 actually turn off audit
This commit is contained in:
Коммит
b749e3f8d7
|
@ -1,6 +1,8 @@
|
||||||
#include <asm-generic/audit_dir_write.h>
|
#include <asm-generic/audit_dir_write.h>
|
||||||
__NR_acct,
|
__NR_acct,
|
||||||
|
#ifdef __NR_swapon
|
||||||
__NR_swapon,
|
__NR_swapon,
|
||||||
|
#endif
|
||||||
__NR_quotactl,
|
__NR_quotactl,
|
||||||
__NR_truncate,
|
__NR_truncate,
|
||||||
#ifdef __NR_truncate64
|
#ifdef __NR_truncate64
|
||||||
|
|
|
@ -391,6 +391,7 @@ extern int audit_classify_arch(int arch);
|
||||||
#ifdef CONFIG_AUDITSYSCALL
|
#ifdef CONFIG_AUDITSYSCALL
|
||||||
/* These are defined in auditsc.c */
|
/* These are defined in auditsc.c */
|
||||||
/* Public API */
|
/* Public API */
|
||||||
|
extern void audit_finish_fork(struct task_struct *child);
|
||||||
extern int audit_alloc(struct task_struct *task);
|
extern int audit_alloc(struct task_struct *task);
|
||||||
extern void audit_free(struct task_struct *task);
|
extern void audit_free(struct task_struct *task);
|
||||||
extern void audit_syscall_entry(int arch,
|
extern void audit_syscall_entry(int arch,
|
||||||
|
@ -434,7 +435,7 @@ static inline void audit_ptrace(struct task_struct *t)
|
||||||
|
|
||||||
/* Private API (for audit.c only) */
|
/* Private API (for audit.c only) */
|
||||||
extern unsigned int audit_serial(void);
|
extern unsigned int audit_serial(void);
|
||||||
extern void auditsc_get_stamp(struct audit_context *ctx,
|
extern int auditsc_get_stamp(struct audit_context *ctx,
|
||||||
struct timespec *t, unsigned int *serial);
|
struct timespec *t, unsigned int *serial);
|
||||||
extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid);
|
extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid);
|
||||||
#define audit_get_loginuid(t) ((t)->loginuid)
|
#define audit_get_loginuid(t) ((t)->loginuid)
|
||||||
|
@ -504,6 +505,7 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
|
||||||
extern int audit_n_rules;
|
extern int audit_n_rules;
|
||||||
extern int audit_signals;
|
extern int audit_signals;
|
||||||
#else
|
#else
|
||||||
|
#define audit_finish_fork(t)
|
||||||
#define audit_alloc(t) ({ 0; })
|
#define audit_alloc(t) ({ 0; })
|
||||||
#define audit_free(t) do { ; } while (0)
|
#define audit_free(t) do { ; } while (0)
|
||||||
#define audit_syscall_entry(ta,a,b,c,d,e) do { ; } while (0)
|
#define audit_syscall_entry(ta,a,b,c,d,e) do { ; } while (0)
|
||||||
|
@ -516,7 +518,7 @@ extern int audit_signals;
|
||||||
#define audit_inode(n,d) do { ; } while (0)
|
#define audit_inode(n,d) do { ; } while (0)
|
||||||
#define audit_inode_child(d,i,p) do { ; } while (0)
|
#define audit_inode_child(d,i,p) do { ; } while (0)
|
||||||
#define audit_core_dumps(i) do { ; } while (0)
|
#define audit_core_dumps(i) do { ; } while (0)
|
||||||
#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
|
#define auditsc_get_stamp(c,t,s) (0)
|
||||||
#define audit_get_loginuid(t) (-1)
|
#define audit_get_loginuid(t) (-1)
|
||||||
#define audit_get_sessionid(t) (-1)
|
#define audit_get_sessionid(t) (-1)
|
||||||
#define audit_log_task_context(b) do { ; } while (0)
|
#define audit_log_task_context(b) do { ; } while (0)
|
||||||
|
|
|
@ -61,8 +61,11 @@
|
||||||
|
|
||||||
#include "audit.h"
|
#include "audit.h"
|
||||||
|
|
||||||
/* No auditing will take place until audit_initialized != 0.
|
/* No auditing will take place until audit_initialized == AUDIT_INITIALIZED.
|
||||||
* (Initialization happens after skb_init is called.) */
|
* (Initialization happens after skb_init is called.) */
|
||||||
|
#define AUDIT_DISABLED -1
|
||||||
|
#define AUDIT_UNINITIALIZED 0
|
||||||
|
#define AUDIT_INITIALIZED 1
|
||||||
static int audit_initialized;
|
static int audit_initialized;
|
||||||
|
|
||||||
#define AUDIT_OFF 0
|
#define AUDIT_OFF 0
|
||||||
|
@ -965,6 +968,9 @@ static int __init audit_init(void)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
|
if (audit_initialized == AUDIT_DISABLED)
|
||||||
|
return 0;
|
||||||
|
|
||||||
printk(KERN_INFO "audit: initializing netlink socket (%s)\n",
|
printk(KERN_INFO "audit: initializing netlink socket (%s)\n",
|
||||||
audit_default ? "enabled" : "disabled");
|
audit_default ? "enabled" : "disabled");
|
||||||
audit_sock = netlink_kernel_create(&init_net, NETLINK_AUDIT, 0,
|
audit_sock = netlink_kernel_create(&init_net, NETLINK_AUDIT, 0,
|
||||||
|
@ -976,7 +982,7 @@ static int __init audit_init(void)
|
||||||
|
|
||||||
skb_queue_head_init(&audit_skb_queue);
|
skb_queue_head_init(&audit_skb_queue);
|
||||||
skb_queue_head_init(&audit_skb_hold_queue);
|
skb_queue_head_init(&audit_skb_hold_queue);
|
||||||
audit_initialized = 1;
|
audit_initialized = AUDIT_INITIALIZED;
|
||||||
audit_enabled = audit_default;
|
audit_enabled = audit_default;
|
||||||
audit_ever_enabled |= !!audit_default;
|
audit_ever_enabled |= !!audit_default;
|
||||||
|
|
||||||
|
@ -999,13 +1005,21 @@ __initcall(audit_init);
|
||||||
static int __init audit_enable(char *str)
|
static int __init audit_enable(char *str)
|
||||||
{
|
{
|
||||||
audit_default = !!simple_strtol(str, NULL, 0);
|
audit_default = !!simple_strtol(str, NULL, 0);
|
||||||
printk(KERN_INFO "audit: %s%s\n",
|
if (!audit_default)
|
||||||
audit_default ? "enabled" : "disabled",
|
audit_initialized = AUDIT_DISABLED;
|
||||||
audit_initialized ? "" : " (after initialization)");
|
|
||||||
if (audit_initialized) {
|
printk(KERN_INFO "audit: %s", audit_default ? "enabled" : "disabled");
|
||||||
|
|
||||||
|
if (audit_initialized == AUDIT_INITIALIZED) {
|
||||||
audit_enabled = audit_default;
|
audit_enabled = audit_default;
|
||||||
audit_ever_enabled |= !!audit_default;
|
audit_ever_enabled |= !!audit_default;
|
||||||
|
} else if (audit_initialized == AUDIT_UNINITIALIZED) {
|
||||||
|
printk(" (after initialization)");
|
||||||
|
} else {
|
||||||
|
printk(" (until reboot)");
|
||||||
}
|
}
|
||||||
|
printk("\n");
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1107,9 +1121,7 @@ unsigned int audit_serial(void)
|
||||||
static inline void audit_get_stamp(struct audit_context *ctx,
|
static inline void audit_get_stamp(struct audit_context *ctx,
|
||||||
struct timespec *t, unsigned int *serial)
|
struct timespec *t, unsigned int *serial)
|
||||||
{
|
{
|
||||||
if (ctx)
|
if (!ctx || !auditsc_get_stamp(ctx, t, serial)) {
|
||||||
auditsc_get_stamp(ctx, t, serial);
|
|
||||||
else {
|
|
||||||
*t = CURRENT_TIME;
|
*t = CURRENT_TIME;
|
||||||
*serial = audit_serial();
|
*serial = audit_serial();
|
||||||
}
|
}
|
||||||
|
@ -1146,7 +1158,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
|
||||||
int reserve;
|
int reserve;
|
||||||
unsigned long timeout_start = jiffies;
|
unsigned long timeout_start = jiffies;
|
||||||
|
|
||||||
if (!audit_initialized)
|
if (audit_initialized != AUDIT_INITIALIZED)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
if (unlikely(audit_filter_type(type)))
|
if (unlikely(audit_filter_type(type)))
|
||||||
|
|
|
@ -1459,7 +1459,6 @@ void audit_free(struct task_struct *tsk)
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* audit_syscall_entry - fill in an audit record at syscall entry
|
* audit_syscall_entry - fill in an audit record at syscall entry
|
||||||
* @tsk: task being audited
|
|
||||||
* @arch: architecture type
|
* @arch: architecture type
|
||||||
* @major: major syscall type (function)
|
* @major: major syscall type (function)
|
||||||
* @a1: additional syscall register 1
|
* @a1: additional syscall register 1
|
||||||
|
@ -1548,9 +1547,25 @@ void audit_syscall_entry(int arch, int major,
|
||||||
context->ppid = 0;
|
context->ppid = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void audit_finish_fork(struct task_struct *child)
|
||||||
|
{
|
||||||
|
struct audit_context *ctx = current->audit_context;
|
||||||
|
struct audit_context *p = child->audit_context;
|
||||||
|
if (!p || !ctx || !ctx->auditable)
|
||||||
|
return;
|
||||||
|
p->arch = ctx->arch;
|
||||||
|
p->major = ctx->major;
|
||||||
|
memcpy(p->argv, ctx->argv, sizeof(ctx->argv));
|
||||||
|
p->ctime = ctx->ctime;
|
||||||
|
p->dummy = ctx->dummy;
|
||||||
|
p->auditable = ctx->auditable;
|
||||||
|
p->in_syscall = ctx->in_syscall;
|
||||||
|
p->filterkey = kstrdup(ctx->filterkey, GFP_KERNEL);
|
||||||
|
p->ppid = current->pid;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* audit_syscall_exit - deallocate audit context after a system call
|
* audit_syscall_exit - deallocate audit context after a system call
|
||||||
* @tsk: task being audited
|
|
||||||
* @valid: success/failure flag
|
* @valid: success/failure flag
|
||||||
* @return_code: syscall return value
|
* @return_code: syscall return value
|
||||||
*
|
*
|
||||||
|
@ -1942,15 +1957,18 @@ EXPORT_SYMBOL_GPL(__audit_inode_child);
|
||||||
*
|
*
|
||||||
* Also sets the context as auditable.
|
* Also sets the context as auditable.
|
||||||
*/
|
*/
|
||||||
void auditsc_get_stamp(struct audit_context *ctx,
|
int auditsc_get_stamp(struct audit_context *ctx,
|
||||||
struct timespec *t, unsigned int *serial)
|
struct timespec *t, unsigned int *serial)
|
||||||
{
|
{
|
||||||
|
if (!ctx->in_syscall)
|
||||||
|
return 0;
|
||||||
if (!ctx->serial)
|
if (!ctx->serial)
|
||||||
ctx->serial = audit_serial();
|
ctx->serial = audit_serial();
|
||||||
t->tv_sec = ctx->ctime.tv_sec;
|
t->tv_sec = ctx->ctime.tv_sec;
|
||||||
t->tv_nsec = ctx->ctime.tv_nsec;
|
t->tv_nsec = ctx->ctime.tv_nsec;
|
||||||
*serial = ctx->serial;
|
*serial = ctx->serial;
|
||||||
ctx->auditable = 1;
|
ctx->auditable = 1;
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* global counter which is incremented every time something logs in */
|
/* global counter which is incremented every time something logs in */
|
||||||
|
|
|
@ -1398,6 +1398,7 @@ long do_fork(unsigned long clone_flags,
|
||||||
init_completion(&vfork);
|
init_completion(&vfork);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
audit_finish_fork(p);
|
||||||
tracehook_report_clone(trace, regs, clone_flags, nr, p);
|
tracehook_report_clone(trace, regs, clone_flags, nr, p);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
Загрузка…
Ссылка в новой задаче