user/sven/linux.git/kernel/audit.c, branch v3.1.1 Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v3.1.1 2011-07-26T23:49:47Z atomic: use <linux/atomic.h> 2011-07-26T23:49:47Z Arun Sharma asharma@fb.com 2011-07-26T23:09:06Z urn:sha1:60063497a95e716c9a689af3be2687d261f115b4 This allows us to move duplicated code in <asm/atomic.h> (atomic_inc_not_zero() for now) to <linux/atomic.h> Signed-off-by: Arun Sharma <asharma@fb.com> Reviewed-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: David Miller <davem@davemloft.net> Cc: Eric Dumazet <eric.dumazet@gmail.com> Acked-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> netfilter: add SELinux context support to AUDIT target 2011-06-30T11:31:57Z Mr Dash Four mr.dash.four@googlemail.com 2011-06-30T11:31:57Z urn:sha1:131ad62d8fc06d9d0a5c61d9526876352c2f2bbd In this revision the conversion of secid to SELinux context and adding it to the audit log is moved from xt_AUDIT.c to audit.c with the aid of a separate helper function - audit_log_secctx - which does both the conversion and logging of SELinux context, thus also preventing internal secid number being leaked to userspace. If conversion is not successful an error is raised. With the introduction of this helper function the work done in xt_AUDIT.c is much more simplified. It also opens the possibility of this helper function being used by other modules (including auditd itself), if desired. With this addition, typical (raw auditd) output after applying the patch would be: type=NETFILTER_PKT msg=audit(1305852240.082:31012): action=0 hook=1 len=52 inif=? outif=eth0 saddr=10.1.1.7 daddr=10.1.2.1 ipid=16312 proto=6 sport=56150 dport=22 obj=system_u:object_r:ssh_client_packet_t:s0 type=NETFILTER_PKT msg=audit(1306772064.079:56): action=0 hook=3 len=48 inif=eth0 outif=? smac=00:05:5d:7c:27:0b dmac=00:02:b3:0a:7f:81 macproto=0x0800 saddr=10.1.2.1 daddr=10.1.1.7 ipid=462 proto=6 sport=22 dport=3561 obj=system_u:object_r:ssh_server_packet_t:s0 Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: Mr Dash Four <mr.dash.four@googlemail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> netlink: kill loginuid/sessionid/sid members from struct netlink_skb_parms 2011-03-03T18:55:40Z Patrick McHardy kaber@trash.net 2011-03-03T18:55:40Z urn:sha1:c53fa1ed92cd671a1dfb1e7569e9ab672612ddc6 Netlink message processing in the kernel is synchronous these days, the session information can be collected when needed. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> Merge branch 'master' of /repos/git/net-next-2.6 2011-01-19T22:51:37Z Patrick McHardy kaber@trash.net 2011-01-19T22:51:37Z urn:sha1:14f0290ba44de6ed435fea24bba26e7868421c66 audit: export symbol for use with xt_AUDIT 2011-01-18T05:48:29Z Jan Engelhardt jengelh@medozas.de 2011-01-18T05:48:12Z urn:sha1:ae9d67aff60af59548b6c7d1a74febea09660122 When xt_AUDIT is built as a module, modpost reports a problem. MODPOST 322 modules ERROR: "audit_enabled" [net/netfilter/x_tables.ko] undefined! WARNING: modpost: Found 1 section mismatch(es). Cc: Thomas Graf <tgraf@redhat.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> audit: error message typo correction 2010-11-03T17:49:58Z Ross Kirk Ross.Kirk@nexor.com 2010-10-22T15:43:17Z urn:sha1:9db3b9bcc7f53487da8766b32e2d790ad03c53b9 Fixes a typo in the error message raised by audit when auditd has died. Signed-off-by: Ross Kirk <ross.kirk@nexor.com> -- Signed-off-by: Jiri Kosina <jkosina@suse.cz> audit: Use rcu for task lookup protection 2010-10-30T12:45:42Z Thomas Gleixner tglx@linutronix.de 2009-12-09T14:19:41Z urn:sha1:ab263f47c9781a644de8b28013434b645082922e Protect the task lookups in audit_receive_msg() with rcu_read_lock() instead of tasklist_lock and use lock/unlock_sighand to protect against the exit race. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Eric Paris <eparis@redhat.com> Cc: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> audit: Do not send uninitialized data for AUDIT_TTY_GET 2010-10-30T12:45:42Z Thomas Gleixner tglx@linutronix.de 2009-12-09T14:19:35Z urn:sha1:207032051a5ed38df332729ba42e98e9a1e60434 audit_receive_msg() sends uninitialized data for AUDIT_TTY_GET when the task was not found. Send reply only when task was found. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Eric Paris <eparis@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> audit: Call tty_audit_push_task() outside preempt disabled 2010-10-30T12:45:25Z Thomas Gleixner tglx@linutronix.de 2009-12-09T14:19:31Z urn:sha1:3c80fe4ac9cfb13b1bfa4edf1544e8b656716694 While auditing all tasklist_lock read_lock sites I stumbled over the following call chain: audit_prepare_user_tty() read_lock(&tasklist_lock); tty_audit_push_task(); mutex_lock(&buf->mutex); --> buf->mutex is locked with preemption disabled. Solve this by acquiring a reference to the task struct under rcu_read_lock and call tty_audit_push_task outside of the preempt disabled region. Move all code which needs to be protected by sighand lock into tty_audit_push_task() and use lock/unlock_sighand as we do not hold tasklist_lock. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Eric Paris <eparis@redhat.com> Cc: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> audit: make functions static 2010-10-30T05:42:19Z Stephen Hemminger shemminger@vyatta.com 2010-10-21T00:23:50Z urn:sha1:b8800aa5d9c7e4e2869321c77b80f322a0d9663a I was doing some namespace checks and found some simple stuff in audit that could be cleaned up. Make some functions static, and put const on make_reply payload arg. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>