Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 21b85c31 authored by Eric Paris's avatar Eric Paris
Browse files

audit: audit feature to set loginuid immutable



This adds a new 'audit_feature' bit which allows userspace to set it
such that the loginuid is absolutely immutable, even if you have
CAP_AUDIT_CONTROL.

Signed-off-by: default avatarEric Paris <eparis@redhat.com>
Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
Signed-off-by: default avatarEric Paris <eparis@redhat.com>
parent d040e5af
Loading
Loading
Loading
Loading
+2 −1
Original line number Diff line number Diff line
@@ -387,7 +387,8 @@ struct audit_features {
};

#define AUDIT_FEATURE_ONLY_UNSET_LOGINUID	0
#define AUDIT_LAST_FEATURE			AUDIT_FEATURE_ONLY_UNSET_LOGINUID
#define AUDIT_FEATURE_LOGINUID_IMMUTABLE	1
#define AUDIT_LAST_FEATURE			AUDIT_FEATURE_LOGINUID_IMMUTABLE

#define audit_feature_valid(x)		((x) >= 0 && (x) <= AUDIT_LAST_FEATURE)
#define AUDIT_FEATURE_TO_MASK(x)	(1 << ((x) & 31)) /* mask for __u32 */
+2 −1
Original line number Diff line number Diff line
@@ -144,8 +144,9 @@ static struct audit_features af = {.vers = AUDIT_FEATURE_VERSION,
				   .features = 0,
				   .lock = 0,};

static char *audit_feature_names[1] = {
static char *audit_feature_names[2] = {
	"only_unset_loginuid",
	"loginuid_immutable",
};


+3 −0
Original line number Diff line number Diff line
@@ -1971,6 +1971,9 @@ static int audit_set_loginuid_perm(kuid_t loginuid)
	/* if we are unset, we don't need privs */
	if (!audit_loginuid_set(current))
		return 0;
	/* if AUDIT_FEATURE_LOGINUID_IMMUTABLE means never ever allow a change*/
	if (is_audit_feature_set(AUDIT_FEATURE_LOGINUID_IMMUTABLE))
		return -EPERM;
	/* it is set, you need permission */
	if (!capable(CAP_AUDIT_CONTROL))
		return -EPERM;