linux/kernel/auditsc.c, branch v2.6.24

auditsc: fix kernel-doc param warnings

2007-10-23T02:40:02Z

Fix kernel-doc for auditsc parameter changes. Warning(linux-2.6.23-git17//kernel/auditsc.c:1623): No description found for parameter 'dentry' Warning(linux-2.6.23-git17//kernel/auditsc.c:1666): No description found for parameter 'dentry' Signed-off-by: Randy Dunlap Signed-off-by: Linus Torvalds

[PATCH] audit: watching subtrees

2007-10-21T06:37:45Z

New kind of audit rule predicates: "object is visible in given subtree". The part that can be sanely implemented, that is. Limitations: * if you have hardlink from outside of tree, you'd better watch it too (or just watch the object itself, obviously) * if you mount something under a watched tree, tell audit that new chunk should be added to watched subtrees * if you umount something in a watched tree and it's still mounted elsewhere, you will get matches on events happening there. New command tells audit to recalculate the trees, trimming such sources of false positives. Note that it's _not_ about path - if something mounted in several places (multiple mount, bindings, different namespaces, etc.), the match does _not_ depend on which one we are using for access. Signed-off-by: Al Viro

[PATCH] pass dentry to audit_inode()/audit_inode_child()

2007-10-21T06:37:18Z

makes caller simpler *and* allows to scan ancestors Signed-off-by: Al Viro

whitespace fixes: syscall auditing

2007-10-18T21:37:25Z

Signed-off-by: Daniel Walker Cc: David Woodhouse Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

Clean up duplicate includes in kernel/

2007-10-17T15:42:48Z

This patch cleans up duplicate includes in kernel/ Signed-off-by: Jesper Juhl Acked-by: Paul E. McKenney Reviewed-by: Satyam Sharma Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

SUNRPC: Convert rpc_pipefs to use the generic filesystem notification hooks

2007-10-09T21:15:26Z

This will allow rpc.gssd to use inotify instead of dnotify in order to locate new rpc upcall pipes. This also requires the exporting of __audit_inode_child(), which is used by fsnotify_create() and fsnotify_mkdir(). Ccing David Woodhouse. Cc: David Woodhouse Signed-off-by: Trond Myklebust

kernel/auditsc.c: fix an off-by-one

2007-08-23T02:52:44Z

This patch fixes an off-by-one in a BUG_ON() spotted by the Coverity checker. Signed-off-by: Adrian Bunk Cc: Amy Griffis Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

fix oops in __audit_signal_info()

2007-08-08T02:58:56Z

The check for audit_signals is misplaced and the check for audit_dummy_context() is missing; as the result, if we send a signal to auditd from task with NULL ->audit_context while we have audit_signals != 0 we end up with an oops. Signed-off-by: Al Viro Acked-by: James Morris Signed-off-by: Linus Torvalds

audit: fix two bugs in the new execve audit code

2007-07-29T02:42:22Z

copy_from_user() returns the number of bytes not copied, hence 0 is the expected output. axi->mm might not be valid anymore when not equal to current->mm, do not dereference before checking that - thanks to Al for spotting that. Signed-off-by: Peter Zijlstra Tested-by: Steve Grubb Signed-off-by: Linus Torvalds

[PATCH] get rid of AVC_PATH postponed treatment

2007-07-22T13:57:02Z

Selinux folks had been complaining about the lack of AVC_PATH records when audit is disabled. I must admit my stupidity - I assumed that avc_audit() really couldn't use audit_log_d_path() because of deadlocks (== could be called with dcache_lock or vfsmount_lock held). Shouldn't have made that assumption - it never gets called that way. It _is_ called under spinlocks, but not those. Since audit_log_d_path() uses ab->gfp_mask for allocations, kmalloc() in there is not a problem. IOW, the simple fix is sufficient: let's rip AUDIT_AVC_PATH out and simply generate pathname as part of main record. It's trivial to do. Signed-off-by: Al Viro Acked-by: James Morris