authorLinus Torvalds <torvalds@linux-foundation.org>2008-02-02 08:37:03 +1100
committerLinus Torvalds <torvalds@linux-foundation.org>2008-02-02 08:37:03 +1100
commitdd5f5fed6c9458a7aa81eeef3732cc3a9891cfdf (patch)
tree06b81942dc218763889efe65faf08aeb23e71f03 /include
parent3e01dfce1387f8bec41018f0d7b42fd88ad4163f (diff)
parent7759db82774802885f96c250b36c3dfe317e62ff (diff)
Merge branch 'audit.b46' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* 'audit.b46' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: [AUDIT] Add uid, gid fields to ANOM_PROMISCUOUS message [AUDIT] ratelimit printk messages audit [patch 2/2] audit: complement va_copy with va_end() [patch 1/2] kernel/audit.c: warning fix [AUDIT] create context if auditing was ever enabled [AUDIT] clean up audit_receive_msg() [AUDIT] make audit=0 really stop audit messages [AUDIT] break large execve argument logging into smaller messages [AUDIT] include audit type in audit message when using printk [AUDIT] do not panic on exclude messages in audit_log_pid_context() [AUDIT] Add End of Event record [AUDIT] add session id to audit messages [AUDIT] collect uid, loginuid, and comm in OBJ_PID records [AUDIT] return EINTR not ERESTART* [PATCH] get rid of loginuid races [PATCH] switch audit_get_loginuid() to task_struct *
Diffstat (limited to 'include')
-rw-r--r--include/linux/audit.h13
-rw-r--r--include/linux/init_task.h8
-rw-r--r--include/linux/sched.h4
3 files changed, 21 insertions, 4 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index bdd6f5de5fc..97153027207 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -98,6 +98,7 @@
#define AUDIT_FD_PAIR 1317 /* audit record for pipe/socketpair */
#define AUDIT_OBJ_PID 1318 /* ptrace target */
#define AUDIT_TTY 1319 /* Input on an administrative TTY */
+#define AUDIT_EOE 1320 /* End of multi-record event */
#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
@@ -409,7 +410,8 @@ extern unsigned int audit_serial(void);
extern void auditsc_get_stamp(struct audit_context *ctx,
struct timespec *t, unsigned int *serial);
extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid);
-extern uid_t audit_get_loginuid(struct audit_context *ctx);
+#define audit_get_loginuid(t) ((t)->loginuid)
+#define audit_get_sessionid(t) ((t)->sessionid)
extern void audit_log_task_context(struct audit_buffer *ab);
extern int __audit_ipc_obj(struct kern_ipc_perm *ipcp);
extern int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode);
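Review bot: `audit_get_loginuid(t)` and `audit_get_sessionid(t)` expand to a bare member access, so each is an lvalue and accepts any pointer whose target happens to have a member of that name. That means `audit_get_loginuid(t) = x` compiles and sidesteps `audit_set_loginuid()`, the setter declared two lines above for the identity that audit records attribute actions to. If `struct task_struct` is complete wherever these are used, a `static inline uid_t audit_get_loginuid(struct task_struct *t)` would type-check the argument and return an rvalue. If header ordering forces the macro form (not visible from this hunk), `#define audit_get_loginuid(t) ((uid_t)(t)->loginuid)` at least removes the lvalue, and a one-line comment should say why it is a macro.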
@@ -488,7 +490,8 @@ extern int audit_signals;
#define audit_inode_child(d,i,p) do { ; } while (0)
#define audit_core_dumps(i) do { ; } while (0)
#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
-#define audit_get_loginuid(c) ({ -1; })
+#define audit_get_loginuid(t) (-1)
+#define audit_get_sessionid(t) (-1)
#define audit_log_task_context(b) do { ; } while (0)
#define audit_ipc_obj(i) ({ 0; })
#define audit_ipc_set_perm(q,u,g,m) ({ 0; })
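Review bot: The stub values `(-1)` have type int, while the CONFIG_AUDITSYSCALL versions yield `uid_t` and `unsigned int` (the field types added to sched.h in this commit), so the same expression changes signedness with the config option. A caller that tests the result with `< 0`, or widens it into a 64-bit value, would behave differently in the two builds. Casting in the stubs keeps both configurations consistent: `#define audit_get_loginuid(t) ((uid_t)-1)` and `#define audit_get_sessionid(t) ((unsigned int)-1)`. The same `-1` sentinel is also written out in INIT_IDS in init_task.h, so a single named constant for "unset" would keep the three places in step.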
@@ -522,9 +525,11 @@ extern void audit_log_end(struct audit_buffer *ab);
extern void audit_log_hex(struct audit_buffer *ab,
const unsigned char *buf,
size_t len);
-extern const char * audit_log_untrustedstring(struct audit_buffer *ab,
+extern int audit_string_contains_control(const char *string,
+ size_t len);
+extern void audit_log_untrustedstring(struct audit_buffer *ab,
const char *string);
-extern const char * audit_log_n_untrustedstring(struct audit_buffer *ab,
+extern void audit_log_n_untrustedstring(struct audit_buffer *ab,
size_t n,
const char *string);
extern void audit_log_d_path(struct audit_buffer *ab,
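Review bot: `audit_string_contains_control()` is exported with no comment on its contract, and the two `audit_log_*untrustedstring()` helpers now return void with nothing to tell a caller which encoding ended up in the record. These declarations are the boundary where attacker-influenced strings enter the audit log. The header should therefore state what counts as a control character, whether scanning stops at a NUL before `len`, and what a nonzero return means. A possible comment above the declaration is `/* Returns nonzero if any of the first len bytes of string needs hex-encoding before it is logged. */`. The implementation is not part of this diff (it is limited to include/), so the wording needs checking against kernel/audit.c.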
diff --git a/include/linux/init_task.h b/include/linux/init_task.h
index e6b3f708067..f42663eaf65 100644
--- a/include/linux/init_task.h
+++ b/include/linux/init_task.h
@@ -114,6 +114,13 @@ extern struct group_info init_groups;
.pid = &init_struct_pid, \
}
+#ifdef CONFIG_AUDITSYSCALL
+#define INIT_IDS \
+ .loginuid = -1, \
+ .sessionid = -1,
+#else
+#define INIT_IDS
+#endif
/*
* INIT_TASK is used to set up the first task table, touch at
* your own risk!. Base=0, limit=0x1fffff (=2MB)
@@ -173,6 +180,7 @@ extern struct group_info init_groups;
[PIDTYPE_SID] = INIT_PID_LINK(PIDTYPE_SID), \
}, \
.dirties = INIT_PROP_LOCAL_SINGLE(dirties), \
+ INIT_IDS \
INIT_TRACE_IRQFLAGS \
INIT_LOCKDEP \
}
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 6c333579d9d..af6947e69b4 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -1139,6 +1139,10 @@ struct task_struct {
void *security;
#endif
struct audit_context *audit_context;
+#ifdef CONFIG_AUDITSYSCALL
+ uid_t loginuid;
+ unsigned int sessionid;
+#endif
seccomp_t seccomp;
/* Thread group tracking */
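Review bot: The new `loginuid` and `sessionid` fields carry no comment, and they exist only under CONFIG_AUDITSYSCALL while `audit_context` on the line above is unguarded. Code that reads `tsk->loginuid` directly will build only with syscall auditing enabled, so the declaration should point readers at the accessors. For example, `uid_t loginuid; /* audit login uid; -1 appears to mean unset; read via audit_get_loginuid() */`, with a matching comment on `sessionid`. `struct task_struct` begins and ends outside this hunk.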