Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v5.0.15 2018-12-14T17:09:30Z 2018-12-14T17:09:30Z YueHaibing yuehaibing@huawei.com 2018-12-09T06:25:02Z urn:sha1:d406db524c32ca35bd85cada28a547fff3115715 Remove duplicated include. Signed-off-by: YueHaibing <yuehaibing@huawei.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2018-12-04T00:26:10Z Richard Guy Briggs rgb@redhat.com 2018-11-30T21:13:16Z urn:sha1:9a547c7e575fc2501c12081558fda3027d0f2a5e Since the vast majority of files (99.993% on a typical system) have no fcaps, display "0" instead of the full zero-padded 16 hex digits in the two PATH record cap_f* fields to save netlink bandwidth and disk space. Simply changing the format to %x won't work since the value is two (or possibly more in the future) 32-bit hexadecimal values concatenated and bits in higher order values will be misrepresented. Passes audit-testsuite and userspace tools already work fine. Please see the github issue tracker for more details https://github.com/linux-audit/audit-kernel/issues/101 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Acked-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2018-11-26T23:41:21Z Paul Moore paul@paul-moore.com 2018-11-26T23:40:07Z urn:sha1:2a1fe215e7300c7ebd6a7a24afcab71db5107bb0 There are many places, notably audit_log_task_info() and audit_log_exit(), that take task_struct pointers but in reality they are always working on the current task. This patch eliminates the task_struct arguments and uses current directly which allows a number of cleanups as well. Acked-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2018-11-26T23:40:00Z Paul Moore paul@paul-moore.com 2018-08-02T21:56:50Z urn:sha1:d0a3f18a70f2d9700bf9f5e9c4a505472388a7c1 There are some cases where we are making multiple audit_log_format() calls in a row, for no apparent reason. Squash these down to a single audit_log_format() call whenever possible. Acked-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2018-11-19T17:31:42Z Richard Guy Briggs rgb@redhat.com 2018-11-16T21:30:10Z urn:sha1:a2c97da11cdb973b752dd434aee9636ce10ee737 There are still a couple of places (mark and watch config changes) that open code auid and ses fields in sequence in records instead of using the audit_log_session_info() helper. Use the helper. Adjust the helper to accommodate being the first fields. Passes audit-testsuite. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> [PM: fixed misspellings in the description] Signed-off-by: Paul Moore <paul@paul-moore.com> 2018-07-17T18:45:08Z Paul Moore paul@paul-moore.com 2018-07-17T18:45:08Z urn:sha1:290e44b7dd116cc61cf37b7ca0be13313bb11e37 Commit c72051d5778a ("audit: use ktime_get_coarse_ts64() for time access") converted audit's use of current_kernel_time64() to the new ktime_get_coarse_ts64() function. Unfortunately this resulted in incorrect timestamps, e.g. events stamped with the year 1969 despite it being 2018. This patch corrects this by using ktime_get_coarse_real_ts64() just like the current_kernel_time64() wrapper. Fixes: c72051d5778a ("audit: use ktime_get_coarse_ts64() for time access") Reviewed-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Paul Moore <paul@paul-moore.com> 2018-07-03T14:12:54Z Arnd Bergmann arnd@arndb.de 2018-06-18T14:58:24Z urn:sha1:c72051d5778a9c0e5df31d6553a6fa3507b3685c The API got renamed for consistency with the other time accessors, this changes the audit caller as well. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2018-06-19T14:43:55Z Richard Guy Briggs rgb@redhat.com 2018-06-05T23:20:39Z urn:sha1:f7859590d97614815b35a755c8213dfb8f2766bd Remove comparison of audit_enabled to magic numbers outside of audit. Related: https://github.com/linux-audit/audit-kernel/issues/86 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2018-06-19T14:39:54Z Richard Guy Briggs rgb@redhat.com 2018-06-05T15:45:07Z urn:sha1:d904ac0320d3c4ff4e9d80e4294ca5dde803696f The AUDIT_FILTER_TYPE name is vague and misleading due to not describing where or when the filter is applied and obsolete due to its available filter fields having been expanded. Userspace has already renamed it from AUDIT_FILTER_TYPE to AUDIT_FILTER_EXCLUDE without checking if it already exists. The userspace maintainer assures that as long as it is set to the same value it will not be a problem since the userspace code does not treat compiler warnings as errors. If this policy changes then checks if it already exists can be added at the same time. See: https://github.com/linux-audit/audit-kernel/issues/89 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2018-05-14T21:24:18Z Richard Guy Briggs rgb@redhat.com 2018-05-13T01:58:20Z urn:sha1:cdfb6b341f0f2409aba24b84f3b4b2bba50be5c5 Recognizing that the audit context is an internal audit value, use an access function to retrieve the audit context pointer for the task rather than reaching directly into the task struct to get it. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> [PM: merge fuzz in auditsc.c and selinuxfs.c, checkpatch.pl fixes] Signed-off-by: Paul Moore <paul@paul-moore.com>