Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 51b3eae8 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge branch 'stable-4.6' of git://git.infradead.org/users/pcmoore/audit 

Pull audit updates from Paul Moore:
 "A small set of patches for audit this time; just three in total and
  one is a spelling fix.

  The two patches with actual content are designed to help prevent new
  instances of auditd from displacing an existing, functioning auditd
  and to generate a log of the attempt.  Not to worry, dead/stuck auditd
  instances can still be replaced by a new instance without problem.

  Nothing controversial, and everything passes our regression suite"

* 'stable-4.6' of git://git.infradead.org/users/pcmoore/audit:
  audit: Fix typo in comment
  audit: log failed attempts to change audit_pid configuration
  audit: stop an old auditd being starved out by a new auditd
parents de06dbfa fd97646b

include/uapi/linux/audit.h

+1 −0
Original line number Diff line number Diff line
@@ -110,6 +110,7 @@ 
#define AUDIT_SECCOMP		1326	/* Secure Computing event */

#define AUDIT_PROCTITLE		1327	/* Proctitle emit event */

#define AUDIT_FEATURE_CHANGE	1328	/* audit log listing feature changes */

#define AUDIT_REPLACE		1329	/* Replace auditd if this packet unanswerd */



#define AUDIT_AVC		1400	/* SE Linux avc denial or grant */

#define AUDIT_SELINUX_ERR	1401	/* Internal SE Linux Errors */

kernel/audit.c

+19 −1
Original line number Diff line number Diff line
@@ -809,6 +809,16 @@ static int audit_set_feature(struct sk_buff *skb) 
	return 0;

}



static int audit_replace(pid_t pid)

{

	struct sk_buff *skb = audit_make_reply(0, 0, AUDIT_REPLACE, 0, 0,

					       &pid, sizeof(pid));



	if (!skb)

		return -ENOMEM;

	return netlink_unicast(audit_sock, skb, audit_nlk_portid, 0);

}



static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)

{

	u32			seq;
@@ -870,9 +880,17 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) 
		}

		if (s.mask & AUDIT_STATUS_PID) {

			int new_pid = s.pid;

			pid_t requesting_pid = task_tgid_vnr(current);



			if ((!new_pid) && (task_tgid_vnr(current) != audit_pid))

			if ((!new_pid) && (requesting_pid != audit_pid)) {

				audit_log_config_change("audit_pid", new_pid, audit_pid, 0);

				return -EACCES;

			}

			if (audit_pid && new_pid &&

			    audit_replace(requesting_pid) != -ECONNREFUSED) {

				audit_log_config_change("audit_pid", new_pid, audit_pid, 0);

				return -EEXIST;

			}

			if (audit_enabled != AUDIT_OFF)

				audit_log_config_change("audit_pid", new_pid, audit_pid, 1);

			audit_pid = new_pid;

kernel/audit_watch.c

+1 −1
Original line number Diff line number Diff line
@@ -185,7 +185,7 @@ static struct audit_watch *audit_init_watch(char *path) 
	return watch;

}



/* Translate a watch string to kernel respresentation. */

/* Translate a watch string to kernel representation. */

int audit_to_watch(struct audit_krule *krule, char *path, int len, u32 op)

{

	struct audit_watch *watch;

kernel/auditfilter.c

+3 −3
Original line number Diff line number Diff line
@@ -158,7 +158,7 @@ char *audit_unpack_string(void **bufp, size_t *remain, size_t len) 
	return str;

}



/* Translate an inode field to kernel respresentation. */

/* Translate an inode field to kernel representation. */

static inline int audit_to_inode(struct audit_krule *krule,

				 struct audit_field *f)

{
@@ -415,7 +415,7 @@ static int audit_field_valid(struct audit_entry *entry, struct audit_field *f) 
	return 0;

}



/* Translate struct audit_rule_data to kernel's rule respresentation. */

/* Translate struct audit_rule_data to kernel's rule representation. */

static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,

					       size_t datasz)

{
@@ -593,7 +593,7 @@ static inline size_t audit_pack_string(void **bufp, const char *str) 
	return len;

}



/* Translate kernel rule respresentation to struct audit_rule_data. */

/* Translate kernel rule representation to struct audit_rule_data. */

static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule)

{

	struct audit_rule_data *data;