Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v3.8-rc2 2012-10-12T04:32:02Z 2012-10-12T04:32:02Z Jeff Layton jlayton@redhat.com 2012-10-10T19:25:25Z urn:sha1:e3d6b07b8ba161f638b026feba0c3c97875d7f1c In the cases where we already know the length of the parent, pass it as a parm so we don't need to recompute it. In the cases where we don't know the length, pass in AUDIT_NAME_FULL (-1) to indicate that it should be determined. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2012-10-12T04:32:01Z Jeff Layton jlayton@redhat.com 2012-10-10T19:25:24Z urn:sha1:563a0d1236c2c58d584ef122a5cdc9930e5860b3 All the callers set this to NULL now. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2012-10-12T04:32:01Z Jeff Layton jlayton@redhat.com 2012-10-10T19:25:23Z urn:sha1:bfcec7087458812f575d9022b2d151641f34ee84 Currently, this gets set mostly by happenstance when we call into audit_inode_child. While that might be a little more efficient, it seems wrong. If the syscall ends up failing before audit_inode_child ever gets called, then you'll have an audit_names record that shows the full path but has the parent inode info attached. Fix this by passing in a parent flag when we call audit_inode that gets set to the value of LOOKUP_PARENT. We can then fix up the pathname for the audit entry correctly from the get-go. While we're at it, clean up the no-op macro for audit_inode in the !CONFIG_AUDITSYSCALL case. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2012-09-18T08:00:26Z Eric W. Biederman ebiederm@xmission.com 2012-02-08T00:53:48Z urn:sha1:cca080d9b622094831672a136e5ee4f702d116b1 - Explicitly format uids gids in audit messges in the initial user namespace. This is safe because auditd is restrected to be in the initial user namespace. - Convert audit_sig_uid into a kuid_t. - Enable building the audit code and user namespaces at the same time. The net result is that the audit subsystem now uses kuid_t and kgid_t whenever possible making it almost impossible to confuse a raw uid_t with a kuid_t preventing bugs. Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Eric Paris <eparis@redhat.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> 2012-09-18T01:08:09Z Eric W. Biederman ebiederm@xmission.com 2012-09-11T09:18:08Z urn:sha1:ca57ec0f00c3f139c41bf6b0a5b9bcc95bbb2ad7 The audit filter code guarantees that uid are always compared with uids and gids are always compared with gids, as the comparason operations are type specific. Take advantage of this proper to define audit_uid_comparator and audit_gid_comparator which use the type safe comparasons from uidgid.h. Build on audit_uid_comparator and audit_gid_comparator and replace audit_compare_id with audit_compare_uid and audit_compare_gid. This is one of those odd cases where being type safe and duplicating code leads to simpler shorter and more concise code. Don't allow bitmask operations in uid and gid comparisons in audit_data_to_entry. Bitmask operations are already denined in audit_rule_to_entry. Convert constants in audit_rule_to_entry and audit_data_to_entry into kuids and kgids when appropriate. Convert the uid and gid field in struct audit_names to be of type kuid_t and kgid_t respectively, so that the new uid and gid comparators can be applied in a type safe manner. Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Eric Paris <eparis@redhat.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> 2012-01-17T21:16:57Z Eric Paris eparis@redhat.com 2012-01-03T19:23:06Z urn:sha1:997f5b6444f4608692ec807fb802fd9767c80e76 Audit contexts have 3 states. Disabled, which doesn't collect anything, build, which collects info but might not emit it, and record, which collects and emits. There is a 4th state, setup, which isn't used. Get rid of it. Signed-off-by: Eric Paris <eparis@redhat.com> 2010-10-30T05:42:19Z Stephen Hemminger shemminger@vyatta.com 2010-10-21T00:23:50Z urn:sha1:b8800aa5d9c7e4e2869321c77b80f322a0d9663a I was doing some namespace checks and found some simple stuff in audit that could be cleaned up. Make some functions static, and put const on make_reply payload arg. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2010-07-28T13:58:19Z Eric Paris eparis@redhat.com 2009-12-18T01:12:06Z urn:sha1:939a67fc4cbab8ca11c90da8a769d7e965d66a9b Audit watch should depend on CONFIG_AUDIT_SYSCALL and should select FSNOTIFY. This splits the spagetti like mixing of audit_watch and audit_filter code so they can be configured seperately. Signed-off-by: Eric Paris <eparis@redhat.com> 2010-07-28T13:58:17Z Eric Paris eparis@redhat.com 2009-12-18T01:12:05Z urn:sha1:a05fb6cc573130915380e00d182a4c6571cec6b2 deleting audit watch rules is not currently done under audit_filter_mutex. It was done this way because we could not hold the mutex during inotify manipulation. Since we are using fsnotify we don't need to do the extra get/put pair nor do we need the private list on which to store the parents while they are about to be freed. Signed-off-by: Eric Paris <eparis@redhat.com> 2010-07-28T13:58:16Z Eric Paris eparis@redhat.com 2009-12-18T01:12:04Z urn:sha1:ae7b8f4108bcffb42173f867ce845268c7202d48 No real changes, just cleanup to the audit_watch split patch which we done with minimal code changes for easy review. Now fix interfaces to make things work better. Signed-off-by: Eric Paris <eparis@redhat.com>