seccomp: Configurable separator for the actions_logged string
The function that converts a bitmask of seccomp actions that are allowed to be logged is currently only used for constructing the display string for the kernel.seccomp.actions_logged sysctl. That string wants a space character to be used for the separator between actions. A future patch will make use of the same function for building a string that will be sent to the audit subsystem for tracking modifications to the kernel.seccomp.actions_logged sysctl. That string will need to use a comma as a separator. This patch allows the separator character to be configurable to meet both needs. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: Paul Moore <paul@paul-moore.com>
Родитель
d013db0294
Коммит
beb44acaf0
|
@ -1135,10 +1135,11 @@ static const struct seccomp_log_name seccomp_log_names[] = {
|
|||
};
|
||||
|
||||
static bool seccomp_names_from_actions_logged(char *names, size_t size,
|
||||
u32 actions_logged)
|
||||
u32 actions_logged,
|
||||
const char *sep)
|
||||
{
|
||||
const struct seccomp_log_name *cur;
|
||||
bool append_space = false;
|
||||
bool append_sep = false;
|
||||
|
||||
for (cur = seccomp_log_names; cur->name && size; cur++) {
|
||||
ssize_t ret;
|
||||
|
@ -1146,15 +1147,15 @@ static bool seccomp_names_from_actions_logged(char *names, size_t size,
|
|||
if (!(actions_logged & cur->log))
|
||||
continue;
|
||||
|
||||
if (append_space) {
|
||||
ret = strscpy(names, " ", size);
|
||||
if (append_sep) {
|
||||
ret = strscpy(names, sep, size);
|
||||
if (ret < 0)
|
||||
return false;
|
||||
|
||||
names += ret;
|
||||
size -= ret;
|
||||
} else
|
||||
append_space = true;
|
||||
append_sep = true;
|
||||
|
||||
ret = strscpy(names, cur->name, size);
|
||||
if (ret < 0)
|
||||
|
@ -1208,7 +1209,7 @@ static int read_actions_logged(struct ctl_table *ro_table, void __user *buffer,
|
|||
memset(names, 0, sizeof(names));
|
||||
|
||||
if (!seccomp_names_from_actions_logged(names, sizeof(names),
|
||||
seccomp_actions_logged))
|
||||
seccomp_actions_logged, " "))
|
||||
return -EINVAL;
|
||||
|
||||
table = *ro_table;
|
||||
|
|
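Review bot: The new `sep` argument of seccomp_names_from_actions_logged() goes straight into `strscpy(names, sep, size)` and nothing in the visible lines states its contract, so I would add a comment above the definition such as `/* @sep: non-NULL string placed between names; returns false if @names is too small, leaving a partial list in it */`. The partial-output case matters for the audit caller that the description announces. A truncated action list in an audit record would misreport which actions are logged, so that caller should discard the buffer on a `false` return, as read_actions_logged() does with `return -EINVAL;`. As a style point, `} else` followed by the unbraced `append_sep = true;` mixes braced and unbraced branches, and kernel style would brace both. The function body continues past the end of the second hunk, so the rest of the copy loop is not visible here.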