[PATCH v2] configure.ac: add subdir-objects
by Thomas Petazzoni
This allows to avoid the following warning when re-generating the
configure script:
auparse/Makefile.am:95: warning: source file '../lib/gen_tables.c' is in a subdirectory,
auparse/Makefile.am:95: but option 'subdir-objects' is disabled
To make this possible and avoid a bug in automake < 1.16, we have to
adjust two Makefile.am, to use a relative path rather in _SOURCES rather
than a path that uses $(top_srcdir). Indeed, $(top_srcdir) was not
properly expanded when used in _SOURCES in automake versions < 1.16.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni(a)free-electrons.com>
---
bindings/python/python2/Makefile.am | 2 +-
bindings/python/python3/Makefile.am | 2 +-
configure.ac | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/bindings/python/python2/Makefile.am b/bindings/python/python2/Makefile.am
index 1dcb5bc..208ae66 100644
--- a/bindings/python/python2/Makefile.am
+++ b/bindings/python/python2/Makefile.am
@@ -27,7 +27,7 @@ AM_CPPFLAGS = -I$(top_builddir) -I@PYINCLUDEDIR@
pyexec_LTLIBRARIES = auparse.la
-auparse_la_SOURCES = $(top_srcdir)/bindings/python/auparse_python.c
+auparse_la_SOURCES = ../auparse_python.c
auparse_la_CPPFLAGS = -I$(top_srcdir)/auparse $(AM_CPPFLAGS)
auparse_la_LDFLAGS = -module -avoid-version -Wl,-z,relro
auparse_la_LIBADD = ${top_builddir}/auparse/libauparse.la ${top_builddir}/lib/libaudit.la
diff --git a/bindings/python/python3/Makefile.am b/bindings/python/python3/Makefile.am
index edd38e9..93495da 100644
--- a/bindings/python/python3/Makefile.am
+++ b/bindings/python/python3/Makefile.am
@@ -26,7 +26,7 @@ AM_CPPFLAGS = -I$(top_builddir) $(PYTHON3_INCLUDES)
py3exec_LTLIBRARIES = auparse.la
-auparse_la_SOURCES = $(top_srcdir)/bindings/python/auparse_python.c
+auparse_la_SOURCES = ../auparse_python.c
auparse_la_CPPFLAGS = -I$(top_srcdir)/auparse $(AM_CPPFLAGS)
auparse_la_LDFLAGS = -module -avoid-version -Wl,-z,relro
auparse_la_LIBADD = ${top_builddir}/auparse/libauparse.la ${top_builddir}/lib/libaudit.la
diff --git a/configure.ac b/configure.ac
index c5e87e7..1118f15 100644
--- a/configure.ac
+++ b/configure.ac
@@ -37,7 +37,7 @@ echo Configuring auditd $VERSION
AC_CONFIG_MACRO_DIR([m4])
AC_CANONICAL_TARGET
-AM_INIT_AUTOMAKE
+AM_INIT_AUTOMAKE([subdir-objects])
AM_PROG_LIBTOOL
AC_SUBST(LIBTOOL_DEPS)
OLDLIBS="$LIBS"
--
2.7.4
9 years, 1 month
[RFC 0/7] netlink: Add allocation flag to netlink_unicast()
by Masashi Honma
Though netlink_broadcast() has allocation flag which can specify
memory allocation type (ex. GFP_KERNEL/GFP_ATOMIC), netlink_unicast()
does not have it. This can cause "BUG: sleeping function called from
invalid context at" with CONFIG_DEBUG_ATOMIC_SLEEP enabled kernel when
calling netlink_unicast() inside RCU read-side section and not in IRQ.
Though currently such a use case was not found, to solve potential
issue we will add an allocation flag to netlink_unicast(). Previously
netlink_unicast() have used gfp_any() as a flag. We replaced it to
GFP_KERNEL or GFP_ATOMIC or etc by guessing based on context. If we
could not determine the value, we remain it gfp_any(). We welcome
comments like "this gfp_any() should be GFP_KERNEL". Of course other
comments are welcome as well.
This series of patches are not tested.
This is a RFC because this does not fix existing issue.
Masashi Honma (7):
netlink: Add allocation flag to netlink_unicast()
netfilter: Add allocation flag to nfnetlink_unicast()
netlink: Add allocation flag to nlmsg_unicast()
infiniband: Add allocation flag to ibnl_unicast()
net: Add allocation flag to rtnl_unicast()
genetlink: Add allocation flag to genlmsg_unicast()
genetlink: Add allocation flag to genlmsg_reply()
crypto/crypto_user.c | 3 ++-
drivers/block/drbd/drbd_nl.c | 2 +-
drivers/connector/connector.c | 2 +-
drivers/infiniband/core/iwpm_msg.c | 6 ++---
drivers/infiniband/core/iwpm_util.c | 5 ++--
drivers/infiniband/core/iwpm_util.h | 1 +
drivers/infiniband/core/netlink.c | 4 ++--
drivers/net/gtp.c | 3 ++-
drivers/net/team/team.c | 5 ++--
drivers/net/wireless/mac80211_hwsim.c | 4 ++--
fs/dlm/netlink.c | 2 +-
include/linux/netfilter/nfnetlink.h | 2 +-
include/linux/netlink.h | 3 ++-
include/linux/rtnetlink.h | 3 ++-
include/net/genetlink.h | 13 +++++++----
include/net/netlink.h | 6 +++--
include/rdma/rdma_netlink.h | 3 ++-
kernel/audit.c | 9 ++++----
kernel/taskstats.c | 4 ++--
net/core/devlink.c | 12 +++++-----
net/core/net_namespace.c | 2 +-
net/core/rtnetlink.c | 12 ++++++----
net/dcb/dcbnl.c | 2 +-
net/decnet/dn_route.c | 3 ++-
net/hsr/hsr_netlink.c | 6 +++--
net/ieee802154/ieee802154.h | 3 ++-
net/ieee802154/netlink.c | 5 ++--
net/ieee802154/nl-mac.c | 4 ++--
net/ieee802154/nl-phy.c | 6 ++---
net/ieee802154/nl802154.c | 4 ++--
net/ipv4/devinet.c | 2 +-
net/ipv4/fib_frontend.c | 2 +-
net/ipv4/fou.c | 2 +-
net/ipv4/inet_diag.c | 2 +-
net/ipv4/ipmr.c | 6 +++--
net/ipv4/route.c | 2 +-
net/ipv4/tcp_metrics.c | 2 +-
net/ipv4/udp_diag.c | 2 +-
net/ipv6/addrconf.c | 4 ++--
net/ipv6/addrlabel.c | 2 +-
net/ipv6/ila/ila_xlat.c | 2 +-
net/ipv6/ip6mr.c | 6 +++--
net/ipv6/route.c | 2 +-
net/irda/irnetlink.c | 2 +-
net/l2tp/l2tp_netlink.c | 8 ++++---
net/netfilter/ipset/ip_set_core.c | 11 +++++----
net/netfilter/ipvs/ip_vs_ctl.c | 2 +-
net/netfilter/nf_conntrack_netlink.c | 9 +++++---
net/netfilter/nf_tables_api.c | 10 ++++----
net/netfilter/nfnetlink.c | 4 ++--
net/netfilter/nfnetlink_acct.c | 2 +-
net/netfilter/nfnetlink_cthelper.c | 2 +-
net/netfilter/nfnetlink_cttimeout.c | 5 ++--
net/netfilter/nfnetlink_log.c | 4 ++--
net/netfilter/nfnetlink_queue.c | 3 ++-
net/netfilter/nft_compat.c | 4 ++--
net/netlabel/netlabel_cipso_v4.c | 2 +-
net/netlabel/netlabel_mgmt.c | 4 ++--
net/netlabel/netlabel_unlabeled.c | 2 +-
net/netlink/af_netlink.c | 14 +++++++-----
net/netlink/genetlink.c | 2 +-
net/nfc/netlink.c | 6 ++---
net/openvswitch/datapath.c | 9 ++++----
net/sched/act_api.c | 2 +-
net/sctp/sctp_diag.c | 2 +-
net/tipc/bearer.c | 4 ++--
net/tipc/netlink_compat.c | 2 +-
net/tipc/node.c | 2 +-
net/unix/diag.c | 2 +-
net/wireless/nl80211.c | 43 ++++++++++++++++++-----------------
net/xfrm/xfrm_user.c | 15 +++++++-----
samples/connector/cn_test.c | 2 +-
72 files changed, 199 insertions(+), 155 deletions(-)
--
2.7.4
9 years, 1 month
Re: [RFC 0/7] netlink: Add allocation flag to netlink_unicast()
by Masashi Honma
On 2016年07月09日 01:08, David Teigland wrote:
> On Thu, Jul 07, 2016 at 09:35:45AM +0900, Masashi Honma wrote:
>> At the fs/dlm/netlink.c#dlm_timeout_warn(),
>> prepare_data allocates buffer with GFP_NOFS
>> and send_data() sends the buffer.
>>
>> But send_data() uses GFP_KERNEL or GFP_ATOMIC inside it.
>> Should it be replaced by GFP_NOFS ?
> That's old code that's never been used so it doesn't really matter.
>
I see. Thank you.
9 years, 1 month
audit 2.6.4 released
by Steve Grubb
Hello,
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit. It will also be in rawhide
soon. The ChangeLog is:
- Fix interpretation of saddr fields when using enriched events
- In netlink_handler of auditd, ensure ack_func is initialized to NULL
- Use full path to auditctl in augenrules
- Raise the number of log files auditd allows to 999
- In auditd reconfig, update use_libwrap setting
- Fix memory leak in reconfigure
- Add EHWPOISON definition for errno lookup table if missing (Thomas Petazzoni)
- Better detect struct audit_status existence (Thomas Petazzoni)
- Rework dispatcher protocol 1 to be what it used to be
This is yet another bug fix to the 2.6 major revision. The main bug fixed is an
uninitialized function pointer that caused auditd to segfault. Another major
fix is reverting the format of protocol 1 dipatched records. It was
inadvertantly updated to protocol 2 even though the header was advertising 1.
This update also fixes a couple small memory leaks that would occur when the
audit daemon recieved a SIGHUP to reload. This also makes sure that all
variables get updated on a reconfigure. It was also found that use_libwrap was
not in auditd.conf even though the man page talked about it.
Please let me know if you run across any problems with this release.
-Steve
9 years, 1 month
Re: Crash when loading the rules
by Steve Grubb
Hello,
I revceived the strace file which made the email too big for the mail list.
I'm including the important part below.
On Wednesday, July 6, 2016 6:31:00 PM EDT Laurent Bigonville wrote:
> Le 06/07/16 à 18:23, Steve Grubb a écrit :
> >So, I'm note sure why you are getting a
> > core dump. If this is reproducible it might be good to get an strace to see
> > what is being handed to writev. Or maybe try it from valgrind to see if
> > that gives additional information.
>
> Valgrind is a bit broken in debian unstable due to the compressed debug
> symbols.
>
> I've attached here the output of strace
[pid 1595] write(4</var/log/audit/audit.log>, "type=SYSCALL msg=audit(1467798264.913:1259): arch=c000003e syscall=47 success=yes exit=267 a0=6 a1=7ffe30a5e630 a2=40000040 a3=ffffffff items=0 ppid=1 pid=1108 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"systemd-journal\" exe=\"/lib/systemd/systemd-journald\" subj=system_u:system_r:syslogd_t:s0 key=(null)\n", 364) = 364
[pid 1595] fstatfs(4</var/log/audit/audit.log>, {f_type=EXT2_SUPER_MAGIC, f_bsize=4096, f_blocks=3838052, f_bfree=1172381, f_bavail=987245, f_files=977280, f_ffree=703441, f_fsid={9930339, 726475040}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_RELATIME}) = 0
This shows that it made it to write_to_log and then called check_log_file_size
[pid 1595] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x90430527} ---
[pid 1602] +++ killed by SIGSEGV (core dumped) +++
+++ killed by SIGSEGV (core dumped) +++
The traceback is not accurate. We are somewhere else in the code. I am going
to bet that its crashing on trying to ack because in the netlink path its not
getting set to NULL. I updated svn with a 1 line fix. Can you either pull the
new code from svn and try it or add this patch to your build?
https://fedorahosted.org/audit/changeset/1320/trunk/src/auditd.c
Let me know if this does it.
Thanks,
-Steve
9 years, 1 month
Possible bug compiling Audit 2.6.x against kernel headers older than 3.19
by Adam Duskett
Audit 2.6.x checks for AUDIT_FEATURE_VERSION to be defined in
include/linux/audit.h (this define was introduced in kernel version
3.13) and then blindly assumes that struct audit_status has
feature_bitmap.
However this looks like a problem as feature_bitmap wasn't introduced
until kernel 3.19, even though the requirements for Audit state that anything >
2.6.30 should work. (http://people.redhat.com/sgrubb/audit/)
This causes a compile error when attempting to compile audit 2.6.x
against kernel headers younger than 3.19.
libaudit.c:609:33: error: 'struct audit_status' has no member named
'feature_bitmap'
features_bitmap = rep.status->feature_bitmap;
9 years, 1 month
Crash when loading the rules
by Laurent Bigonville
Hi,
With 2.6.3, when loading the rules, it's crashing and I get the
following backtrace:
#0 0x00007ffff687e99d in writev () at ../sysdeps/unix/syscall-template.S:84
#1 0x00005555555610ab in dispatch_event (rep=<optimized out>, is_err=0)
at ../../../src/auditd-dispatch.c:189
#2 0x000055555555a700 in distribute_event (e=0x555555779d80) at
../../../src/auditd.c:216
#3 0x000055555555aac8 in netlink_handler (loop=<optimized out>,
io=<optimized out>, revents=<optimized out>) at ../../../src/auditd.c:500
#4 0x0000555555562eb7 in ev_invoke_pending (loop=0x555555773e80
<default_loop_struct>) at ../../../../src/libev/ev.c:3162
#5 0x000055555556623d in ev_run (loop=0x555555773e80
<default_loop_struct>, flags=0) at ../../../../src/libev/ev.c:3562
#6 0x0000555555559e06 in ev_loop (flags=0, loop=0x555555773e80
<default_loop_struct>) at ../../../src/libev/ev.h:835
#7 main (argc=<optimized out>, argv=<optimized out>) at
../../../src/auditd.c:841
The rules are pretty dump:
-D
-b 8192
-f 1
--backlog_wait_time 0
An idea what's going on?
Cheers,
Laurent Bigonville
9 years, 1 month
audit 2.6.3 released
by Steve Grubb
Hello,
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit. It will also be in rawhide
soon. The ChangeLog is:
- Fix NULL poiinter deref in auparse
- Optionally add dependency to libcap-ng in audit.pc
This is another bug fix release. The NULL ptr deref in auparse is crashing
auditd. And this adds a missing library dependency in the package config file
reported by Laurent.
Please let me know if you run across any problems with this release.
-Steve
9 years, 1 month
audit 2.6.2 released
by Steve Grubb
Hello,
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit. It will also be in rawhide
soon. The ChangeLog is:
- Fix ausearch segfault when using numeric uids
- In auparse move aulol structure into auparse_state_t
- Save and restore libcap-ng state when doing a capability check
- Require auparse_state_t pointer on auparse_set_escape_mode
This is another bug fix release. This fixes several bugs that have been
discovered during testing. The most important bug fixed is saving the
capability state and restoring it when testing capabilities. Not doing this
breaks the newer libvirt based programs such as gnome-boxes.
Please let me know if you run across any problems with this release.
-Steve
9 years, 2 months
