Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v5.1 2019-02-08T02:44:27Z 2019-02-08T02:44:27Z Richard Guy Briggs rgb@redhat.com 2019-02-05T21:06:30Z urn:sha1:cd108b5c51db30aa01657322bb89e48c98216ff9 auditsc_get_stamp() and audit_serial() are internal audit functions so move their prototypes from include/linux/audit.h to kernel/audit.h so they are not visible to the rest of the kernel. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2019-02-03T22:49:35Z Richard Guy Briggs rgb@redhat.com 2019-02-02T03:45:17Z urn:sha1:5f3d544f1671d214cd26e45bda326f921455256e Remove audit_context from struct task_struct and struct audit_buffer when CONFIG_AUDIT is enabled but CONFIG_AUDITSYSCALL is not. Also, audit_log_name() (and supporting inode and fcaps functions) should have been put back in auditsc.c when soft and hard link logging was normalized since it is only used by syscall auditing. See github issue https://github.com/linux-audit/audit-kernel/issues/105 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2019-01-31T01:51:47Z Richard Guy Briggs rgb@redhat.com 2019-01-23T18:35:00Z urn:sha1:57d4657716aca81ef4d7ec23e8123d26e3d28954 Don't fetch fcaps when umount2 is called to avoid a process hang while it waits for the missing resource to (possibly never) re-appear. Note the comment above user_path_mountpoint_at(): * A umount is a special case for path walking. We're not actually interested * in the inode in this situation, and ESTALE errors can be a problem. We * simply want track down the dentry and vfsmount attached at the mountpoint * and avoid revalidating the last component. This can happen on ceph, cifs, 9p, lustre, fuse (gluster) or NFS. Please see the github issue tracker https://github.com/linux-audit/audit-kernel/issues/100 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> [PM: merge fuzz in audit_log_fcaps()] Signed-off-by: Paul Moore <paul@paul-moore.com> 2019-01-25T21:48:10Z Richard Guy Briggs rgb@redhat.com 2019-01-22T22:07:41Z urn:sha1:05c7a9cb2727cd3c3d8e767f48e5cd18486a8d16 Pull together all the audit syscall watch, mark and tree prototypes and stubs into the same ifdef. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2019-01-25T18:31:23Z Richard Guy Briggs rgb@redhat.com 2019-01-24T02:36:25Z urn:sha1:2fec30e245a3b46fef89c4cb1f74eefc5fbb29a6 V3 namespaced file capabilities were introduced in commit 8db6c34f1dbc ("Introduce v3 namespaced file capabilities") Add support for these by adding the "frootid" field to the existing fcaps fields in the NAME and BPRM_FCAPS records. Please see github issue https://github.com/linux-audit/audit-kernel/issues/103 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Acked-by: Serge Hallyn <serge@hallyn.com> [PM: comment tweak to fit an 80 char line width] Signed-off-by: Paul Moore <paul@paul-moore.com> 2019-01-14T23:01:05Z Richard Guy Briggs rgb@redhat.com 2018-12-10T22:17:50Z urn:sha1:9e36a5d49c3a6fc4a2e0ba2dc11b27c4a8ae6303 Since the context is derived from the task parameter handed to __audit_free(), hand the context to audit_kill_trees() so it can be used to associate with a syscall record. This requires adding the context parameter to kill_rules() rather than using the current audit_context. The callers of trim_marked() and evict_chunk() still have their context. The EOE record was being issued prior to the pruning of the killed_tree list. Move the kill_trees call before the audit_log_exit call in __audit_free() and __audit_syscall_exit() so that any pruned trees CONFIG_CHANGE records are included with the associated syscall event by the user library due to the EOE record flagging the end of the event. See: https://github.com/linux-audit/audit-kernel/issues/50 See: https://github.com/linux-audit/audit-kernel/issues/59 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> [PM: fixed merge fuzz in kernel/audit_tree.c] Signed-off-by: Paul Moore <paul@paul-moore.com> 2018-11-26T23:41:21Z Paul Moore paul@paul-moore.com 2018-11-26T23:40:07Z urn:sha1:2a1fe215e7300c7ebd6a7a24afcab71db5107bb0 There are many places, notably audit_log_task_info() and audit_log_exit(), that take task_struct pointers but in reality they are always working on the current task. This patch eliminates the task_struct arguments and uses current directly which allows a number of cleanups as well. Acked-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2018-11-19T21:29:50Z Richard Guy Briggs rgb@redhat.com 2018-11-16T17:17:35Z urn:sha1:c8fc5d49c341805fee7fc295f2ea8a709f78aec4 Remove the CONFIG_AUDIT_WATCH and CONFIG_AUDIT_TREE config options since they are both dependent on CONFIG_AUDITSYSCALL and force CONFIG_FSNOTIFY. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2018-11-19T17:26:27Z Richard Guy Briggs rgb@redhat.com 2018-11-16T17:16:35Z urn:sha1:0fe3c7fceb500de2d0adfb9dcf292580cd43ea38 The audit_log_session_info() function is only used in kernel/audit*, so move its prototype to kernel/audit.h Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> 2018-02-23T16:22:22Z Paul Moore paul@paul-moore.com 2018-02-20T14:52:38Z urn:sha1:ce423631ce1f20564f818e7de6bc0eee0c01badd Evidently the __mutex_owner() function was never intended for use outside the core mutex code, so build a thing locking wrapper around the mutex code which allows us to track the mutex owner. One, arguably positive, side effect is that this allows us to hide the audit_cmd_mutex inside of kernel/audit.c behind the lock/unlock functions. Reported-by: Peter Zijlstra <peterz@infradead.org> Reviewed-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>