Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 83fa6bbe authored by Eric Paris's avatar Eric Paris
Browse files

audit: remove CONFIG_AUDIT_LOGINUID_IMMUTABLE 



After trying to use this feature in Fedora we found the hard coding
policy like this into the kernel was a bad idea.  Surprise surprise.
We ran into these problems because it was impossible to launch a
container as a logged in user and run a login daemon inside that container.
This reverts back to the old behavior before this option was added.  The
option will be re-added in a userspace selectable manor such that
userspace can choose when it is and when it is not appropriate.

Signed-off-by: default avatarEric Paris <eparis@redhat.com>
Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
Signed-off-by: default avatarEric Paris <eparis@redhat.com>
parent da0a6104

init/Kconfig

+0 −14
Original line number Diff line number Diff line
@@ -301,20 +301,6 @@ config AUDIT_TREE 
	depends on AUDITSYSCALL

	select FSNOTIFY



config AUDIT_LOGINUID_IMMUTABLE

	bool "Make audit loginuid immutable"

	depends on AUDIT

	help

	  The config option toggles if a task setting its loginuid requires

	  CAP_SYS_AUDITCONTROL or if that task should require no special permissions

	  but should instead only allow setting its loginuid if it was never

	  previously set.  On systems which use systemd or a similar central

	  process to restart login services this should be set to true.  On older

	  systems in which an admin would typically have to directly stop and

	  start processes this should be set to false.  Setting this to true allows

	  one to drop potentially dangerous capabilites from the login tasks,

	  but may not be backwards compatible with older init systems.



source "kernel/irq/Kconfig"

source "kernel/time/Kconfig"

kernel/auditsc.c

+4 −6
Original line number Diff line number Diff line
@@ -1968,15 +1968,13 @@ static atomic_t session_id = ATOMIC_INIT(0); 


static int audit_set_loginuid_perm(kuid_t loginuid)

{

#ifdef CONFIG_AUDIT_LOGINUID_IMMUTABLE

	/* if we are unset, we don't need privs */

	if (!audit_loginuid_set(current))

		return 0;

#else	/* CONFIG_AUDIT_LOGINUID_IMMUTABLE */

	if (capable(CAP_AUDIT_CONTROL))

		return 0;

#endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */

	/* it is set, you need permission */

	if (!capable(CAP_AUDIT_CONTROL))

		return -EPERM;

	return 0;

}



static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,