git tree
by Alexander Viro
OK... Untangling the mess around ppoll/unshare for backport to
2.6.15-based tree turns out to be just too messy. Therefore,
git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current.git/
contains the tree based on Linus' current. Branches:
* origin = mainline
* audit = ported stuff, that's where everything got to settle
Amy, I've moved 3 of 4 patches to current tree; please see if they are
OK (the 3rd might be worth a look) and see if you could port the last one.
Currently ported stuff is in branch called amg (3 changesets, starts at
current tip of audit).
I'm going to keep the entire construction within a day from
mainline; experiments on much larger patchset show that it's quite
feasible. Questions:
* what kind of tags do we want for that animal? E.g. for
kernels we are testing, etc.
* do we want LSPP srpms to be put there? It's not hard to do;
about half an hour for each...
* what of pending patches needs to be ported to current tree
ASAP? Note that we've got unshare from mainline; everything that had
been in old tree is there and so's jbaron's vm86 patch.
18 years, 10 months
- 1
- 0
audit 1.1.4 released
by Steve Grubb
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit It will also be in rawhide
tomorrow. The Changelog is:
- Fix bug in autrace where it didn't run on kernels without file watch support
- Add syslog message to auditd saying what program was started for dispatcher
- Remove audit_send_user from public api
- Fix bug in USER_LOGIN messages where ausearch does not translate
msg='uid=500: into acct name (#178102).
- Change comm with dispatcher to socketpair from pipe
- Change auditd to use custom daemonize to avoid race in init scripts
- Update error message when deleting a rule that doesn't exist (#176239)
- Call shutdown_dispatcher when auditd stops
- Add new logging function audit_log_semanage_message
This release is mostly bug fixes and api cleanups.
This release also adds a patch to enable AppArmor support. To have the system
recognize AppArmor events, you should add --with-apparmor to the ./configure
command. It is off by default.
Please let me if there are any issues with this.
-Steve
18 years, 10 months
- 1
- 0
LSPP test kernel patches
by Amy Griffis
Hi Steve,
Please include the following patches in the next version of the LSPP
test kernel.
https://www.redhat.com/archives/linux-audit/2006-February/msg00033.html
https://www.redhat.com/archives/linux-audit/2006-February/msg00034.html
https://www.redhat.com/archives/linux-audit/2006-January/msg00084.html
Thanks,
Amy
18 years, 10 months
- 1
- 0
Re: [PATCH 1/2] SELinux Context Label based audit filtering
by Dustin Kirkland
On Thu, 2006-02-02 at 15:17 -0500, Stephen Smalley wrote:
> On Thu, 2006-02-02 at 13:41 -0600, Dustin Kirkland wrote:
> > Kernel audit component
> >
> > This patch is against David Woodhouse's last update of his audit-2.6 git
> > tree, plus a patch submitted by Amy Griffis on 2006-01-17 that adds
> > support for strings in audit rules. This patch can be found here:
> > https://www.redhat.com/archives/linux-audit/2006-January/msg00064.html
>
> Patch was encoded by your mailer.
That it was. Apparently Evolution automatically encodes messages when
signed with a GPG key. Which means a difficult choice between making
the patch readable and establishing authenticity ;)
> > Note that this code actually only provides enough functionality to
> > filter on _task_ labels. I'm looking for input or acknowledgment from
> > the SELinux guys (cc'd) on the validity of the approach herein.
> > Additionally, I'm open to suggestions on how I might similarly collect
> > object and user labels for the same filtering mechanism (if required).
> > I hope to easily extend this patch to handle those as well, though I
> > wanted to put this much forth immediately to incorporate suggestions.
>
> Object security contexts are already being harvested along the way, e.g.
> audit_inode() -> audit_inode_context(), so you already have them
> available at the point of filter checking. Other (less expensive
> option) for both the object contexts and the task context would be to
> instead only harvest the SIDs (via new interfaces) and to provide
> interfaces for getting specific fields and compare them rather than
> having to allocate memory and generate full contexts each time, as we've
> discussed before on the list. That does require changes to the SELinux
> module and new interfaces from it, of course.
Let the efficiency games begin...
I'll gladly pursue the less expensive option, though I will require some
guidance from you in implementing these new SELinux exported API's.
In this case, I guess I would like to have SELinux export something like
the following hypothetical function, which takes as input a sid and the
field position, and SELinux returns a char pointer to the requested
string:
char *security_get_field_from_sid(u32 sid, u32 field);
As it seems similar in functionality, should it live somewhere near
security_sid_to_context() in security/selinux/ss/services.c? That
function expects a preallocated string... Should it be possible to
return a const char* from the hypothetical security_get_field_from_sid()
to simplify the caller's mem management? Where's the const string
located in SELinux located that could be so sliced up? I'm really
looking for some pointers here.
Thus, the audit code would first need to call something like:
u32 security_get_sid(???);
What arguments would be required to such a function? Could it be
general purpose enough for inode/ipc/etc objects, as well as tasks?
> > Comments appreciated...
>
> > diff --git a/include/linux/audit.h b/include/linux/audit.h
> > --- a/include/linux/audit.h
> > +++ b/include/linux/audit.h
> > @@ -140,6 +140,11 @@
> > #define AUDIT_PERS 10
> > #define AUDIT_ARCH 11
> > #define AUDIT_MSGTYPE 12
> > +#define AUDIT_SE_USER 13 /* security label user */
> > +#define AUDIT_SE_ROLE 14 /* security label role */
> > +#define AUDIT_SE_TYPE 15 /* security label type */
> > +#define AUDIT_SE_CAT 16 /* security label category */
> > +#define AUDIT_SE_SENS 17 /* security label sensitivity */
>
> There can be two levels in the MLS field (a low and a high), so you have
> potentially two sensitivities and two category sets, plus you may want
> to match on a particular category in a category set, not the entire
> thing. Also, the above doesn't seem very extensible to cope with
> potential future extension of the SELinux security context.
Well, the audit rule filter structure needs some unique way to identify
each field, which we're doing with a unique integer per field. Looking
at the lines preceding these new #define's, you'll see the rest of the
fields that we're able to filter upon.
I can easily throw in:
AUDIT_SE_CAT_L
AUDIT_SE_CAT_H
AUDIT_SE_SENS_L
AUDIT_SE_SENS_H
And add those to the switch statement. That can continue on basically
indefinitely. I don't know how much growth you expect in the context
label, but the audit system would have to stay in sync with your
changes.
But if I read you correctly, you'd like to see an entirely different
approach.
I suppose we could set the type of the field to a single AUDIT_SE_LABEL,
and elsewhere in the audit_rule_data structure store the offset (the
element number) of the SELinux label to match. Unfortunately, I'm not
seeing a clean place to drop that offset integer into the structure.
Perhaps in audit_rule_data->fieldflags[i], but I don't really think
that's what that structure member was intended for.
Other suggestions?
> > diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> > --- a/kernel/auditsc.c
> > +++ b/kernel/auditsc.c
> > @@ -157,15 +157,23 @@ struct audit_context {
> > #endif
> > };
> >
> > +static char *audit_get_task_label(void);
> >
> > /* Compare a task_struct with an audit_rule. Return 1 on match, 0
> > * otherwise. */
> > static int audit_filter_rules(struct task_struct *tsk,
> > struct audit_krule *rule,
> > struct audit_context *ctx,
> > - enum audit_state *state)
> > + enum audit_state *state,
> > + char *label)
> > {
> > int i, j;
> > + char *user, *role, *type, *cat, *sens;
> > + user = strsep(&label, ":");
> > + role = strsep(&label, ":");
> > + type = strsep(&label, ":");
> > + cat = strsep(&label, ":");
> > + sens = strsep(&label, ":");
>
> Audit code should not be directly parsing SELinux contexts.
> You want the SELinux module to perform the splitting, and preferably to
> even just give you the field directly as a const char * from SID so that
> you never have to allocate and generate the entire context string.
Ok. I think the comments/questions I posted above should address
this...
:-Dustin
18 years, 10 months
- 4
- 17
[PATCH] cups auditing patch
by Matt Anderson
Here is my updated auditing patch for CUPS.
The patch uses the audit_log_user_message() interface to audit and has
been tested against audit-1.1.3-1 with the 2.6.15-LSPP.7 kernel. I've
also included an updated spec file based on cups-1.1.23-30.
As I said in the LSPP call there is at least one more audit message that
will be needed. It will most likely be in
scheduler/auth.c:IsAuthorized() and it will be responsible for sending
the audit event when the user submits a print job which will fail due to
the system security policy.
-matt
%define initdir /etc/rc.d/init.d
%define use_alternatives 1
%define use_dbus 1
%define build_as_pie 1
%define use_audit 1
Summary: Common Unix Printing System
Name: cups
Version: 1.1.23
Release: 31
License: GPL
Group: System Environment/Daemons
Source: ftp://ftp.easysw.com/pub/cups/test/cups-%{version}-source.tar.bz2
Source1: cups.init
Source2: cupsprinter.png
Source5: cups-lpd
Source6: pstoraster
Source7: pstoraster.convs
Source8: postscript.ppd.gz
Source9: cups.logrotate
Source10: ncp.backend
Source11: cups.conf
Source12: cups.cron
Patch0: cups-1.1.15-initscript.patch
Patch1: cups-1.1.14-doclink.patch
Patch2: cups-1.1.16-system-auth.patch
Patch3: cups-1.1.17-backend.patch
Patch4: cups-ext.patch
Patch5: cups-str1023.patch
Patch6: cups-1.1.17-pdftops.patch
Patch7: cups-logfileperm.patch
Patch8: cups-1.1.17-rcp.patch
Patch9: cups-1.1.17-ppdsdat.patch
Patch10: cups-1.1.17-sanity.patch
Patch11: cups-1.1.19-lpstat.patch
Patch12: cups-locale.patch
Patch13: cups-CAN-2005-0064.patch
Patch14: cups-str1068.patch
Patch15: cups-sigchld.patch
Patch16: cups-pie.patch
Patch17: cups-1.1.19-no_rpath.patch
Patch18: cups-language.patch
Patch19: cups-gcc34.patch
Patch20: cups-gcc4.patch
Patch21: cups-slow.patch
Patch22: cups-dest-cache-v2.patch
Patch23: cups-autodetected-tag.patch
Patch24: cups-maxlogsize.patch
Patch25: cups-enabledisable.patch
Patch28: cups-no-propagate-ipp-port.patch
Patch30: cups-session-printing.patch
Patch32: cups-pid.patch
Patch33: cups-CAN-2004-0888.patch
Patch34: cups-CAN-2005-2097.patch
Patch35: cups-finddest.patch
Patch36: cups-str1249.patch
Patch37: cups-str1284.patch
Patch38: cups-str1290.patch
Patch39: cups-str1301.patch
Patch40: cups-link.patch
Patch41: cups-relro.patch
Patch42: cups-CVE-2005-3625,6,7.patch
Patch43: cups-dbus.patch
Patch44: cups-1.1.23-audit.patch
Epoch: 1
Url: http://www.cups.org/
BuildRoot: %{_tmppath}/%{name}-root
PreReq: /sbin/chkconfig /sbin/service
Requires: %{name}-libs = %{epoch}:%{version}
%if %use_alternatives
Provides: /usr/bin/lpq /usr/bin/lpr /usr/bin/lp /usr/bin/cancel /usr/bin/lprm /usr/bin/lpstat
Prereq: /usr/sbin/alternatives
%endif
# Unconditionally obsolete LPRng so that upgrades work properly.
Obsoletes: lpd lpr LPRng <= 3.8.15-3
Provides: lpd lpr LPRng = 3.8.15-3
BuildPrereq: pam-devel openssl-devel pkgconfig
BuildRequires: make >= 1:3.80
# -fstack-protector-all requires GCC 4.0.1
BuildRequires: gcc >= 4.0.1
%if %use_dbus
BuildPrereq: dbus-devel >= 0.60
Requires: dbus >= 0.60
%endif
%if %use_audit
BuildPrereq: audit-libs-devel >= 1.1
Requires: audit >= 1.1
%endif
%package devel
Summary: Common Unix Printing System - development environment
Group: Development/Libraries
Requires: %{name}-libs = %{epoch}:%{version}
Requires: openssl-devel
%package libs
Summary: Common Unix Printing System - libraries
Group: System Environment/Libraries
%package lpd
Summary: Common Unix Printing System - lpd emulation
Group: System Environment/Daemons
Requires: %{name} = %{epoch}:%{version} xinetd
%description
The Common UNIX Printing System provides a portable printing layer for
UNIX® operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.
%description devel
The Common UNIX Printing System provides a portable printing layer for
UNIX® operating systems. This is the development package for creating
additional printer drivers, and other CUPS services.
%description libs
The Common UNIX Printing System provides a portable printing layer for
UNIX® operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.
The cups-libs package provides libraries used by applications to use CUPS
natively, without needing the lp/lpr commands.
%description lpd
The Common UNIX Printing System provides a portable printing layer for
UNIX® operating systems. This is the package that provices standard
lpd emulation.
%prep
%setup -q
%patch0 -p1 -b .noinit
%patch1 -p1 -b .doclink
%patch2 -p1 -b .system-auth
%patch3 -p1 -b .backend
%patch4 -p1 -b .ext
%patch5 -p1 -b .str1023
%patch6 -p1 -b .pdftops
%patch7 -p1 -b .logfileperm
%patch8 -p1 -b .rcp
%patch9 -p1 -b .ppdsdat
%patch10 -p1 -b .sanity
%patch11 -p1 -b .lpstat
%patch12 -p1 -b .locale
%patch13 -p1 -b .CAN-2005-0064
%patch14 -p1 -b .str1068
%patch15 -p1 -b .sigchld
%if %build_as_pie
%patch16 -p1 -b .pie
%endif
%patch17 -p1 -b .no_rpath
%patch18 -p1 -b .language
%patch19 -p1 -b .gcc34
%patch20 -p1 -b .gcc4
%patch21 -p1 -b .slow
%patch22 -p1 -b .dest-cache-v2
%patch23 -p1 -b .autodetected-tag
%patch24 -p1 -b .maxlogsize
%patch25 -p1 -b .enabledisable
%patch28 -p1 -b .no-propagate-ipp-port
#%patch30 -p1 -b .session-printing
%patch32 -p1 -b .pid
%patch33 -p1 -b .CAN-2004-0888
%patch34 -p1 -b .CAN-2005-2097
%patch35 -p1 -b .finddest
%patch36 -p1 -b .str1249
%patch37 -p1 -b .str1284
%patch38 -p1 -b .str1290
%patch39 -p1 -b .str1301
%patch40 -p1 -b .link
%patch41 -p1 -b .relro
%patch42 -p1 -b .CVE-2005-3625,6,7
%if %use_dbus
%patch43 -p1 -b .dbus
%endif
%if %use_audit
%patch44 -p1 -b .audit
%endif
perl -pi -e 's,^#(Printcap\s+/etc/printcap),$1,' conf/cupsd.conf.in
aclocal -I config-scripts
autoconf
cp %{SOURCE5} cups-lpd.real
perl -pi -e "s,\@LIBDIR\@,%{_libdir},g" cups-lpd.real
# Let's look at the compilation command lines.
perl -pi -e "s,^.SILENT:,," Makedefs.in
for i in man/{es,fr}/*.man templates/{de,fr}/*.tmpl; do
iconv -f iso-8859-1 -t utf-8 < "$i" > "${i}_"
mv "${i}_" "$i"
done
%build
if pkg-config openssl ; then
export CFLAGS=`pkg-config --cflags openssl`
export CPPFLAGS=`pkg-config --cflags-only-I openssl`
export LDFLAGS=`pkg-config --libs-only-L openssl`
fi
%configure --with-docdir=%{_docdir}/cups-%{version} \
--with-optim="$RPM_OPT_FLAGS $CFLAGS -fstack-protector-all"
# If we got this far, all prerequisite libraries must be here.
make
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT%{initdir}
make BUILDROOT=$RPM_BUILD_ROOT install
install -m 755 $RPM_SOURCE_DIR/cups.init $RPM_BUILD_ROOT%{initdir}/cups
find $RPM_BUILD_ROOT/usr/share/cups/model -name "*.ppd" |xargs gzip -n9f
%if %use_alternatives
pushd $RPM_BUILD_ROOT%{_bindir}
for i in cancel lp lpq lpr lprm lpstat; do
mv $i $i.cups
done
cd $RPM_BUILD_ROOT%{_sbindir}
mv lpc lpc.cups
cd $RPM_BUILD_ROOT%{_mandir}/man1
for i in lp lpq lpr lprm lpstat; do
mv $i.1 $i-cups.1
done
rm -f $RPM_BUILD_ROOT%{_mandir}/man1/cancel.1
ln -s lp-cups.1 $RPM_BUILD_ROOT%{_mandir}/man1/cancel-cups.1
cd $RPM_BUILD_ROOT%{_mandir}/man8
mv lpc.8 lpc-cups.8
popd
%endif
mkdir -p $RPM_BUILD_ROOT%{_datadir}/pixmaps $RPM_BUILD_ROOT%{_sysconfdir}/X11/sysconfig $RPM_BUILD_ROOT%{_sysconfdir}/X11/applnk/System $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily
install -c -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_datadir}/pixmaps
install -c -m 644 cups-lpd.real $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d/cups-lpd
install -c -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/cups
install -c -m 755 %{SOURCE10} $RPM_BUILD_ROOT%{_libdir}/cups/backend/ncp
install -c -m 755 %{SOURCE12} $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/cups
ln -s ../doc/%{name}-%{version} $RPM_BUILD_ROOT%{_datadir}/%{name}/doc
# Deal with users trying to access the admin tool at
# /usr/share/doc/cups-%{version}/index.html rather than the
# correct http://localhost:631/
for i in admin classes jobs printers; do
mkdir -p $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/$i
cat >$RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/$i/index.html <<EOF
<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/transitional.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="refresh" content="2; URL=http://localhost:631/$i" />
<title>CUPS $i</title>
</head>
<body bgcolor="#cccc99" text="#000000" link="#0000ff" vlink="#ff00ff">
<p>You are trying to access the CUPS admin frontend through reading the files.
The correct way to access the CUPS admin frontend is pointing your browser at
<a href="http://localhost:631/">http://localhost:631/</a>.</p>
<p>You should be automatically redirected to the correct URL in 2 seconds.
If your browser does not support redirection, please use
<a href="http://localhost:631/$i">this link</a>.</p>
</body>
</html>
EOF
done
# Ship pstoraster (bug #69573).
install -c -m 755 %{SOURCE6} $RPM_BUILD_ROOT%{_libdir}/cups/filter
install -c -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_sysconfdir}/cups
# Ship a generic postscript PPD file (#73061)
install -c -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_datadir}/cups/model
%if %use_dbus
# D-BUS configuration.
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/dbus-1/system.d
install -c -m 644 %{SOURCE11} $RPM_BUILD_ROOT%{_sysconfdir}/dbus-1/system.d/cups.conf
%endif
# Remove unshipped files.
rm -rf $RPM_BUILD_ROOT%{_mandir}/cat? $RPM_BUILD_ROOT%{_mandir}/*/cat?
# Remove .pdf from docs, fix links
for pdf in cmp.pdf ipp.pdf sam.pdf spm.pdf ssr.pdf sum.pdf translation.pdf \
idd.pdf overview.pdf sdd.pdf sps.pdf stp.pdf svd.pdf
do
perl -p -i -e "s@$pdf@http://www.cups.org/$pdf@" $RPM_BUILD_ROOT%{_docdir}/cups-%{version}/documentation.html
done
find $RPM_BUILD_ROOT%{_docdir}/cups-%{version} -name *.pdf |xargs rm
%post
/sbin/chkconfig --del cupsd 2>/dev/null || true # Make sure old versions aren't there anymore
/sbin/chkconfig --add cups || true
%if %use_alternatives
/usr/sbin/alternatives --install %{_bindir}/lpr print %{_bindir}/lpr.cups 40 \
--slave %{_bindir}/lp print-lp %{_bindir}/lp.cups \
--slave %{_bindir}/lpq print-lpq %{_bindir}/lpq.cups \
--slave %{_bindir}/lprm print-lprm %{_bindir}/lprm.cups \
--slave %{_bindir}/lpstat print-lpstat %{_bindir}/lpstat.cups \
--slave %{_bindir}/cancel print-cancel %{_bindir}/cancel.cups \
--slave %{_sbindir}/lpc print-lpc %{_sbindir}/lpc.cups \
--slave %{_mandir}/man1/cancel.1.gz print-cancelman %{_mandir}/man1/cancel-cups.1.gz \
--slave %{_mandir}/man1/lp.1.gz print-lpman %{_mandir}/man1/lp-cups.1.gz \
--slave %{_mandir}/man8/lpc.8.gz print-lpcman %{_mandir}/man8/lpc-cups.8.gz \
--slave %{_mandir}/man1/lpq.1.gz print-lpqman %{_mandir}/man1/lpq-cups.1.gz \
--slave %{_mandir}/man1/lpr.1.gz print-lprman %{_mandir}/man1/lpr-cups.1.gz \
--slave %{_mandir}/man1/lprm.1.gz print-lprmman %{_mandir}/man1/lprm-cups.1.gz \
--slave %{_mandir}/man1/lpstat.1.gz print-lpstatman %{_mandir}/man1/lpstat-cups.1.gz \
--initscript cups
%endif
if [ $1 -eq 1 ]; then
# First install. Build ppds.dat.
/sbin/service cups reload >/dev/null 2>&1 || :
fi
exit 0
%post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig
%preun
if [ "$1" = "0" ]; then
/sbin/service cups stop > /dev/null 2>&1
/sbin/chkconfig --del cups
%if %use_alternatives
/usr/sbin/alternatives --remove print %{_bindir}/lpr.cups
%endif
fi
exit 0
%postun
if [ "$1" -ge "1" ]; then
/sbin/service cups condrestart > /dev/null 2>&1
fi
exit 0
%triggerin -- samba-client
ln -sf ../../../bin/smbspool %{_libdir}/cups/backend/smb || :
exit 0
%triggerun -- samba-client
[ $2 = 0 ] || exit 0
rm -f %{_libdir}/cups/backend/smb
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
%dir %attr(0775,root,sys) /etc/cups
%dir %attr(0711,root,sys) /etc/cups/certs
%config(noreplace) %attr(0640,root,sys) /etc/cups/classes.conf
%config(noreplace) %attr(0640,root,sys) /etc/cups/cupsd.conf
%config(noreplace) %attr(0640,root,sys) /etc/cups/printers.conf
%config(noreplace) /etc/cups/client.conf
/etc/cups/interfaces
%config(noreplace) /etc/cups/mime.types
%config(noreplace) /etc/cups/mime.convs
%dir %attr(0755,root,sys) /etc/cups/ppd
/etc/cups/pstoraster.convs
%config(noreplace) /etc/pam.d/cups
%dir %{_docdir}/cups-%{version}
%{_docdir}/cups-%{version}/images
%{_docdir}/cups-%{version}/*.css
%{_docdir}/cups-%{version}/documentation.html
%{_docdir}/cups-%{version}/??
%{_docdir}/cups-%{version}/admin
%{_docdir}/cups-%{version}/classes
%{_docdir}/cups-%{version}/jobs
%{_docdir}/cups-%{version}/printers
%doc %{_docdir}/cups-%{version}/index.html
%doc %{_docdir}/cups-%{version}/cmp.html
%doc %{_docdir}/cups-%{version}/idd.html
%doc %{_docdir}/cups-%{version}/ipp.html
%doc %{_docdir}/cups-%{version}/overview.html
%doc %{_docdir}/cups-%{version}/sam.html
%doc %{_docdir}/cups-%{version}/sdd.html
%doc %{_docdir}/cups-%{version}/spm.html
%doc %{_docdir}/cups-%{version}/sps.html
%doc %{_docdir}/cups-%{version}/ssr.html
%doc %{_docdir}/cups-%{version}/stp.html
%doc %{_docdir}/cups-%{version}/sum.html
%doc %{_docdir}/cups-%{version}/svd.html
%doc %{_docdir}/cups-%{version}/translation.html
%doc %{_docdir}/cups-%{version}/robots.txt
%config(noreplace) %{initdir}/cups
%{_bindir}/cupstestppd
%{_bindir}/cancel*
%{_bindir}/enable*
%{_bindir}/disable*
%{_bindir}/cupsenable*
%{_bindir}/cupsdisable*
%{_bindir}/lp*
%dir %{_libdir}/cups
%{_libdir}/cups/backend
%{_libdir}/cups/cgi-bin
%dir %{_libdir}/cups/daemon
%{_libdir}/cups/daemon/cups-polld
%{_libdir}/cups/filter
%{_mandir}/man?/*
%{_mandir}/*/man?/*
%{_sbindir}/*
%dir %{_datadir}/cups
%dir %{_datadir}/cups/banners
%config(noreplace) %{_datadir}/cups/banners/*
%{_datadir}/cups/charsets
%{_datadir}/cups/data
%{_datadir}/cups/doc
%{_datadir}/cups/fonts
%{_datadir}/cups/model
%{_datadir}/cups/templates
%{_datadir}/locale/*/*
%dir %attr(1770,root,sys) /var/spool/cups/tmp
%dir %attr(0710,root,sys) /var/spool/cups
%dir %attr(0755,lp,sys) /var/log/cups
%config(noreplace) %{_sysconfdir}/logrotate.d/cups
%{_datadir}/pixmaps/cupsprinter.png
%{_sysconfdir}/cron.daily/cups
%if %use_dbus
%{_sysconfdir}/dbus-1/system.d/cups.conf
%endif
%files libs
%defattr(-,root,root)
%{_libdir}/*.so.*
%files devel
%defattr(-,root,root)
%{_bindir}/cups-config
%{_libdir}/*.so
%{_libdir}/*.a
%{_includedir}/cups
%files lpd
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/xinetd.d/cups-lpd
%dir %{_libdir}/cups
%dir %{_libdir}/cups/daemon
%{_libdir}/cups/daemon/cups-lpd
%changelog
* Mon Feb 06 2006 Matt Anderson <mra(a)hp.com> 1:1.1.23-31
- Applied patch to add support for auditing.
* Tue Jan 17 2006 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-30
- Include 'Autodetected' tag for better integration with autodetection tools.
* Tue Jan 10 2006 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-29
- Apply dest-cache-v2 patch (bug #175847).
* Wed Jan 4 2006 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-28
- Apply patch to fix CVE-2005-3625, CVE-2005-3626, CVE-2005-3627
(bug #176868).
* Mon Dec 19 2005 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-27
- Link pdftops with -z relro.
* Fri Dec 09 2005 Jesse Keating <jkeating(a)redhat.com>
- rebuilt
* Thu Dec 01 2005 John (J5) Palmieri <johnp(a)redhat.com> - 1:1.1.23-26
- rebuild for new dbus
* Tue Nov 8 2005 Tomas Mraz <tmraz(a)redhat.com> 1:1.1.23-25
- rebuilt with new openssl
* Thu Oct 20 2005 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-24
- Build with -fstack-protector-all.
* Sat Oct 15 2005 Florian La Roche <laroche(a)redhat.com> 1:1.1.23-23
- link libcupsimage.so against libcups
* Tue Oct 11 2005 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-22
- Apply patch to fix STR #1301 (bug #169979).
* Thu Oct 6 2005 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-21
- Apply patch to fix STR #1290.
* Wed Oct 5 2005 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-20
- Apply upstream patch for STR #1249.
* Fri Sep 30 2005 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-19
- Use upstream patch for STR #1284.
* Fri Sep 30 2005 Tomas Mraz <tmraz(a)redhat.com>
- use include instead of pam_stack in pam config
* Thu Sep 29 2005 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-18
- Raise IPP_MAX_VALUES to 100 (bug #164232). STR #1284.
- Made FindDest better behaved in some instances (bug #164232). STR #1283.
* Fri Sep 2 2005 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-17
- Fixed CAN-2005-2097 (bug #164510).
* Thu Jun 16 2005 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-16
- Make DeletePrinterFromClass faster (bug #160620).
* Thu Mar 31 2005 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-15
- Don't require exact dbus version, just minimum.
* Thu Mar 10 2005 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-14
- Fixed up dbus patch so that it compiles.
* Wed Mar 9 2005 John (J5) Palmieri <johnp(a)redhat.com>
- Fix up dbus patch
* Mon Mar 7 2005 John (J5) Palmieri <johnp(a)redhat.com> 1:1.1.23-13
- Fixed up dbus patch to work with dbus 0.31
* Tue Mar 1 2005 Tomas Mraz <tmraz(a)redhat.com> 1:1.1.23-12
- rebuild for openssl-0.9.7e
* Tue Feb 22 2005 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-11
- UTF-8-ify spec file (bug #149293).
* Fri Feb 18 2005 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-10
- Fixed build with GCC 4.
* Thu Feb 10 2005 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-9
- Back to old DBUS API since new DBUS isn't built yet.
* Mon Feb 7 2005 Tim Waugh <twaugh(a)redhat.com>
- Use upstream patch for STR #1068.
- Apply patch to fix remainder of CAN-2004-0888 (bug #135378).
* Wed Feb 2 2005 Tim Waugh <twaugh(a)redhat.com>
- Applied patch to prevent occasional cupsd crash on reload (bug #146850).
* Tue Feb 1 2005 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-8
- New DBUS API.
* Tue Feb 1 2005 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-7
- Applied patch to prevent file descriptor confusion (STR #1068).
* Fri Jan 28 2005 Tim Waugh <twaugh(a)redhat.com>
- Build does not require XFree86-devel (bug #146397).
* Thu Jan 27 2005 Tim Waugh <twaugh(a)redhat.com>
- Corrected directory modes so that they reflect what cupsd sets them to.
* Mon Jan 24 2005 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-6
- Build against new dbus.
* Fri Jan 21 2005 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-5
- Use tmpwatch to remove unused files in the spool temporary directory
(bug #110026).
* Thu Jan 20 2005 Tim Waugh <twaugh(a)redhat.com>
- Use gzip's -n flag for the PPDs.
* Thu Jan 20 2005 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-4
- Mark the initscript noreplace (bug #145629).
* Wed Jan 19 2005 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-3
- Applied patch to fix CAN-2005-0064.
* Thu Jan 6 2005 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-2
- Fixed patch from STR #1023.
* Tue Jan 4 2005 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-1
- 1.1.23.
* Mon Dec 20 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.23-0.rc1.1
- 1.1.23rc1.
- No longer need ioctl, ref-before-use, str1023 or str1024 patches.
* Fri Dec 17 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.22-6
- Use upstream patches for bug #143086.
* Thu Dec 16 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.22-5
- Fixed STR #1023 (part of bug #143086).
- Fixed STR #1024 (rest of bug #143086).
* Thu Dec 9 2004 Tim Waugh <twaugh(a)redhat.com>
- Not all files in the doc directory are pure documentation (bug #67337).
* Thu Dec 9 2004 Tim Waugh <twaugh(a)redhat.com>
- Fixed ioctl parameter size in usb backend. Spotted by David A. Marlin.
* Fri Dec 3 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.22-4
- Convert de and fr .tmpl files into UTF-8 (bug #136177).
* Thu Dec 2 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.22-3
- Fix ref-before-use bug in debug output (bug #141585).
* Mon Nov 29 2004 Tim Waugh <twaugh(a)redhat.com>
- Copied "ext" patch over from xpdf RPM package.
* Mon Nov 22 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.22-2
- Fixed cups-lpd file mode (bug #137325).
- Convert all man pages to UTF-8 (bug #107118). Patch from Miloslav Trmac.
* Mon Nov 8 2004 Tim Waugh <twaugh(a)redhat.com>
- New lpd subpackage, from patch by Matthew Galgoci (bug #137325).
* Tue Nov 2 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.22-1
- 1.1.22.
- No longer need ippfail, overread or str970 patches.
* Tue Oct 26 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.22-0.rc2.1
- Make cancel-cups(1) man page point to lp-cups(1) not lp(1) (bug #136973).
- Use upstream patch for STR #953.
- 1.1.22rc2.
* Wed Oct 20 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.22-0.rc1.7
- Prevent filters generating incorrect PS in locales where "," is the
decimal separator (bug #136102). Patch from STR #970.
* Thu Oct 14 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.22-0.rc1.5
- Fixed another typo in last patch!
* Thu Oct 14 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.22-0.rc1.4
- Fixed typo in last patch.
* Thu Oct 14 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.22-0.rc1.3
- Another attempt at fixing bug #135502.
* Wed Oct 13 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.22-0.rc1.2
- Fail better when receiving corrupt IPP responses (bug #135502).
* Mon Oct 11 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.22-0.rc1.1
- 1.1.22rc1.
* Tue Oct 5 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.21-7
- Set LogFilePerm 0600 in default config file.
* Tue Oct 5 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.21-6
- Apply patch to fix CAN-2004-0923 (bug #134601).
* Mon Oct 4 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.21-5
- Fixed reload logic (bug #134080).
* Wed Sep 29 2004 Warren Togami <wtogami(a)redhat.com> 1:1.1.21-4
- Remove .pdf from docs, fix links
* Fri Sep 24 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.21-3
- Write a pid file (bug #132987).
* Thu Sep 23 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.21-2
- 1.1.21.
* Thu Sep 9 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.21-1.rc2.2
- Updated DBUS patch (from Colin Walters).
* Tue Aug 24 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.21-1.rc2.1
- 1.1.21rc2.
- No longer need state, reload-timeout or str743 patches.
- httpnBase64 patch no longer applies; alternate method implemented
upstream.
- Fix single byte overread in usersys.c (spotted by Colin Walters).
* Wed Aug 18 2004 Tim Waugh <twaugh(a)redhat.com>
- Applied httpnEncode64 patch from Colin Walters.
* Sun Aug 15 2004 Tim Waugh <twaugh(a)redhat.com>
- Session printing patch (Colin Walters). Disabled for now.
* Sun Aug 15 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.21-1.rc1.9
- Shorter reload timeout (Colin Walters).
- Updated DBUS patch from Colin Walters.
* Fri Aug 13 2004 Tim Waugh <twaugh(a)redhat.com>
- Updated IPP backend IPP_PORT patch from Colin Walters.
* Fri Aug 13 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.21-1.rc1.8
- Preserve DBUS_SESSION_BUS_ADDRESS in environment (Colin Walters).
- Fixed enabledisable patch.
* Fri Aug 13 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.21-1.rc1.7
- Bumped DBUS version to 0.22.
* Fri Aug 6 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.21-1.rc1.6
- Patch from Colin Walters to prevent IPP backend using non-standard
IPP port.
* Sun Aug 1 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.21-1.rc1.5
- Really bumped DBUS version.
* Fri Jul 30 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.21-1.rc1.4
- Bumped DBUS version.
* Fri Jul 16 2004 Tim Waugh <twaugh(a)redhat.com>
- Added version to LPRng obsoletes: tag (bug #128024).
* Thu Jul 8 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.21-1.rc1.3
- Updated DBUS patch.
* Tue Jun 29 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.21-1.rc1.2
- Apply patch from STR #743 (bug #114999).
* Fri Jun 25 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.21-1.rc1.1
- Fix permissions on logrotate script (bug #126426).
* Tue Jun 15 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Fri Jun 4 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.21-0.rc1.2
- Build for dbus-0.21.
- Fix SetPrinterState().
* Thu Jun 3 2004 Tim Waugh <twaugh(a)redhat.com>
- Use configure's --with-optim parameter instead of setting OPTIM at
make time (bug #125228).
* Thu Jun 3 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.21-0.rc1.1
- 1.1.21rc1.
- No longer need str716, str718, authtype or encryption patches.
* Wed Jun 2 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.20-15
- Build on ppc and ppc64 again.
* Wed Jun 2 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.20-14
- ExcludeArch ppc, ppc64.
- More D-BUS changes.
* Tue Jun 1 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.20-13
- Enable optimizations on ia64 again.
* Thu May 27 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.20-12
- D-BUS changes.
* Wed May 26 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.20-11
- Build requires make >= 3.80 (bug #124472).
* Wed May 26 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.20-10
- Finish fix for cupsenable/cupsdisable (bug #102490).
- Fix MaxLogSize setting (bug #123003).
* Tue May 25 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.20-9
- Apply patches from CVS (authtype) to fix STR #434, STR #611, and as a
result STR #719. This fixes several problems including those noted in
bug #114999.
* Mon May 24 2004 Tim Waugh <twaugh(a)redhat.com>
- Use upstream patch for exit code fix for bug #110135 [STR 718].
* Wed May 19 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.20-8
- If cupsd fails to start, make it exit with an appropriate code so that
initlog notifies the user (bug #110135).
* Thu May 13 2004 Tim Waugh <twaugh(a)redhat.com>
- Fix cups/util.c:get_num_sdests() to use encryption when it is necessary
or requested (bug #118982).
- Use upstream patch for the HTTP/1.1 Continue bug (from STR716).
* Tue May 11 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.20-7
- Fix non-conformance with HTTP/1.1, which caused failures when printing
to a Xerox Phaser 8200 via IPP (bug #122352).
- Make lppasswd(1) PIE.
- Rotate logs within cupsd (instead of relying on logrotate) if we start
to approach the filesystem file size limit (bug #123003).
* Tue Apr 6 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.20-6
- Fix pie patch (bug #120078).
* Fri Apr 2 2004 Tim Waugh <twaugh(a)redhat.com>
- Fix rcp patch for new system-config-printer name.
* Tue Mar 02 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Fri Feb 13 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Fri Feb 6 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.20-4
- Tracked D-BUS API changes.
- Updated D-BUS configuration file.
- Symlinks to avoid conflicting with bash builtins (bug #102490).
* Thu Feb 5 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.20-3
- Improved PIE patch.
- Fixed compilation with GCC 3.4.
* Thu Jan 29 2004 Tim Waugh <twaugh(a)redhat.com>
- Don't ship cupsconfig now that nothing uses it.
* Wed Jan 7 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.20-2
- Try harder to find a translated page for the web interface (bug #107619).
- Added build_as_pie conditional to spec file to facilitate debugging.
* Mon Dec 1 2003 Tim Waugh <twaugh(a)redhat.com> 1:1.1.20-1
- 1.1.20.
- No longer need idefense, str226 patches.
- Updated sanity patch.
- The devel sub-package requires openssl-devel (bug #110772).
* Wed Nov 26 2003 Thomas Woerner <twoerner(a)redhat.com> 1:1.1.19-16
- removed -Wl,-rpath from cups-sharedlibs.m4 (replaced old no_rpath patch)
* Tue Nov 25 2003 Thomas Woerner <twoerner(a)redhat.com> 1:1.1.19-15
- no rpath in cups-config anymore
* Thu Nov 20 2003 Tim Waugh <twaugh(a)redhat.com> 1:1.1.19-14
- Enable PIE for cupsd.
* Fri Nov 14 2003 Tim Waugh <twaugh(a)redhat.com>
- Don't ignore the file descriptor when ShutdownClient is called: it
might get closed before we next try to read it (bug #107787).
* Tue Oct 14 2003 Tim Waugh <twaugh(a)redhat.com>
- Removed busy-loop patch; 1.1.19 has its own fix for this.
* Thu Oct 2 2003 Tim Waugh <twaugh(a)redhat.com> 1:1.1.19-13
- Apply patch from STR 226 to make CUPS reload better behaved (bug #101507).
* Wed Sep 10 2003 Tim Waugh <twaugh(a)redhat.com> 1:1.1.19-12
- Prevent a libcups busy loop (bug #97958).
* Thu Aug 14 2003 Tim Waugh <twaugh(a)redhat.com> 1:1.1.19-11
- Another attempt to fix bug #100984.
* Wed Aug 13 2003 Tim Waugh <twaugh(a)redhat.com> 1:1.1.19-10
- Pass correct attributes-natural-language through even in the absence
of translations for that language (bug #100984).
- Show compilation command lines.
* Wed Jul 30 2003 Tim Waugh <twaugh(a)redhat.com> 1:1.1.19-9
- Prevent lpstat displaying garbage.
* Mon Jul 21 2003 Tim Waugh <twaugh(a)redhat.com>
- Mark mime.convs and mime.types as config files (bug #99461).
* Mon Jun 23 2003 Tim Waugh <twaugh(a)redhat.com> 1:1.1.19-8
- Start cupsd before nfs server processes (bug #97767).
* Tue Jun 17 2003 Tim Waugh <twaugh(a)redhat.com> 1:1.1.19-7
- Add some %if %use_dbus / %endif's to make it compile without dbus
(bug #97397). Patch from Jos Vos.
* Mon Jun 16 2003 Tim Waugh <twaugh(a)redhat.com> 1:1.1.19-6
- Don't busy loop in the client if the IPP port is in use by another
app (bug #97468).
* Tue Jun 10 2003 Tim Waugh <twaugh(a)redhat.com> 1:1.1.19-5
- Mark pam.d/cups as config file not to be replaced (bug #92236).
* Wed Jun 04 2003 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Tue Jun 3 2003 Tim Waugh <twaugh(a)redhat.com> 1:1.1.19-3
- Provide a version for LPRng (bug #92145).
* Thu May 29 2003 Tim Waugh <twaugh(a)redhat.com> 1:1.1.19-2
- Obsolete LPRng now.
* Tue May 27 2003 Tim Waugh <twaugh(a)redhat.com> 1:1.1.19-1
- 1.1.19. No longer need optparse patch.
* Sat May 17 2003 Tim Waugh <twaugh(a)redhat.com> 1:1.1.19-0.rc5.4
- Ship configuration file for D-BUS.
* Fri May 16 2003 Tim Waugh <twaugh(a)redhat.com> 1:1.1.19-0.rc5.3
- Rebuild for dbus-0.11 API changes.
- Fix ownership in file manifest (bug #90840).
* Wed May 14 2003 Tim Waugh <twaugh(a)redhat.com> 1:1.1.19-0.rc5.2
- Fix option parsing in lpq (bug #90823).
* Tue May 13 2003 Tim Waugh <twaugh(a)redhat.com> 1:1.1.19-0.rc5.1
- 1.1.19rc5.
* Thu May 8 2003 Tim Waugh <twaugh(a)redhat.com> 1:1.1.19-0.rc4.1
- 1.1.19rc4. Ported initscript, idefense, ppdsdat, dbus patches.
- No longer need error, sigchld patches.
- Ship cupstestppd.
* Thu Apr 24 2003 Tim Waugh <twaugh(a)redhat.com>
- Mark banners as config files (bug #89069).
* Sat Apr 12 2003 Havoc Pennington <hp(a)redhat.com> 1:1.1.18-4
- adjust dbus patch - dbus_bus_get() sends the hello for you,
and there were a couple of memleaks
- buildprereq dbus 0.9
- rebuild for new dbus
- hope it works, I'm ssh'd in with no way to test. ;-)
* Thu Apr 10 2003 Tim Waugh <twaugh(a)redhat.com> 1.1.18-3
- Get on D-BUS.
* Fri Mar 28 2003 Tim Waugh <twaugh(a)redhat.com> 1.1.18-2
- Fix translation in the init script (bug #87551).
* Wed Mar 26 2003 Tim Waugh <twaugh(a)redhat.com> 1.1.18-1.1
- Turn off optimization on ia64 until bug #87383 is fixed.
* Wed Mar 26 2003 Tim Waugh <twaugh(a)redhat.com> 1.1.18-1
- 1.1.18.
- No longer need uninit patch.
- Some parts of the iDefense and pdftops patches seem to have been
picked up, but not others.
* Wed Feb 12 2003 Tim Waugh <twaugh(a)redhat.com> 1.1.17-13
- Don't set SIGCHLD to SIG_IGN when using wait4 (via pclose) (bug #84101).
* Tue Feb 4 2003 Tim Waugh <twaugh(a)redhat.com> 1.1.17-12
- Fix cups-lpd (bug #83452).
* Fri Jan 31 2003 Tim Waugh <twaugh(a)redhat.com> 1.1.17-11
- Build ppds.dat on first install.
* Fri Jan 24 2003 Tim Waugh <twaugh(a)redhat.com> 1.1.17-10
- Add support for rebuilding ppds.dat without running the scheduler
proper (for bug #82500).
* Wed Jan 22 2003 Tim Powers <timp(a)redhat.com> 1.1.17-9
- rebuilt
* Wed Jan 22 2003 Tim Waugh <twaugh(a)redhat.com> 1.1.17-8
- Warn against editing queues managed by redhat-config-printer
(bug #82267).
* Wed Jan 22 2003 Tim Waugh <twaugh(a)redhat.com> 1.1.17-7
- Fix up error reporting in lpd backend.
* Thu Jan 9 2003 Tim Waugh <twaugh(a)redhat.com> 1.1.17-6
- Add epoch to internal requirements.
- Make 'condrestart' return success exit code when daemon isn't running.
* Tue Jan 7 2003 Nalin Dahyabhai <nalin(a)redhat.com> 1.1.17-5
- Use pkg-config information to find SSL libraries.
* Thu Dec 19 2002 Tim Waugh <twaugh(a)redhat.com> 1.1.17-4
- Security fixes.
- Make 'service cups reload' update the configuration first (bug #79953).
* Tue Dec 10 2002 Tim Waugh <twaugh(a)redhat.com> 1.1.17-3
- Fix cupsd startup hang (bug #79346).
* Mon Dec 9 2002 Tim Waugh <twaugh(a)redhat.com> 1.1.17-2
- Fix parallel backend behaviour when cancelling jobs.
* Mon Dec 9 2002 Tim Waugh <twaugh(a)redhat.com> 1.1.17-1
- 1.1.17.
- No longer need libdir patch.
- Fix logrotate script (bug #76791).
* Wed Nov 20 2002 Tim Waugh <twaugh(a)redhat.com>
- Build requires XFree86-devel (bug #78362).
* Wed Nov 20 2002 Tim Waugh <twaugh(a)redhat.com>
- 1.1.16.
- Updated system-auth patch.
- Add ncp backend script.
* Wed Nov 13 2002 Tim Waugh <twaugh(a)redhat.com> 1.1.15-15
- Set alternatives priority to 40.
* Mon Nov 11 2002 Nalin Dahyabhai <nalin(a)redhat.com> 1.1.15-14
- Buildrequire pam-devel.
- Patch default PAM config file to remove directory names from module paths,
allowing the configuration files to work equally well on multilib systems.
- Patch default PAM config file to use system-auth, require the file at build-
time because that's what data/Makefile checks for.
* Fri Nov 8 2002 Tim Waugh <twaugh(a)redhat.com> 1.1.15-13
- Use logrotate for log rotation (bug #76791).
- No longer need cups.desktop, since redhat-config-printer handles it.
* Thu Oct 17 2002 Tim Waugh <twaugh(a)redhat.com> 1.1.15-12
- Revert to libdir for CUPS_SERVERBIN.
* Thu Oct 17 2002 Tim Waugh <twaugh(a)redhat.com> 1.1.15-11
- Use %%configure for multilib correctness.
- Use libexec instead of lib for CUPS_SERVERBIN.
- Ship translated man pages.
- Remove unshipped files.
- Fix file list permissions (bug #59021, bug #74738).
- Fix messy initscript output (bug #65857).
- Add 'reload' to initscript (bug #76114).
* Fri Aug 30 2002 Bernhard Rosenkraenzer <bero(a)redhat.de> 1.1.15-10
- Add generic postscript PPD file (#73061)
* Mon Aug 19 2002 Tim Waugh <twaugh(a)redhat.com> 1.1.15-9
- Fix prefix in pstoraster (bug #69573).
* Mon Aug 19 2002 Tim Waugh <twaugh(a)redhat.com> 1.1.15-8
- Disable cups-lpd by default (bug #71712).
- No need for fread patch now that glibc is fixed.
* Thu Aug 15 2002 Tim Waugh <twaugh(a)redhat.com> 1.1.15-7
- Really add cups-lpd xinetd file (bug #63919).
- Ship pstoraster (bug #69573).
- Prevent fread from trying to read from beyond EOF (fixes a segfault
with new glibc).
* Sat Aug 10 2002 Elliot Lee <sopwith(a)redhat.com> 1.1.15-6
- rebuilt with gcc-3.2 (we hope)
* Mon Aug 5 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.1.15-5
- Add cups-lpd xinetd file (#63919)
* Tue Jul 23 2002 Florian La Roche <Florian.LaRoche(a)redhat.de> 1.1.15-4
- add a "exit 0" to postun script
* Tue Jul 2 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.1.15-3
- Add a symlink /usr/share/cups/doc -> /usr/share/doc/cups-devel-1.1.15
because some applications expect to find the cups docs in
/usr/share/cups/doc
* Fri Jun 21 2002 Tim Powers <timp(a)redhat.com>
- automated rebuild
* Fri Jun 21 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.1.15-1
- 1.1.15-1
- Fix up smb printing trigger (samba-client, not samba-clients)
- Start cupsd earlier, apparently it needs to be running before samba
starts up for smb printing to work.
* Thu May 23 2002 Tim Powers <timp(a)redhat.com>
- automated rebuild
* Tue May 7 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.1.14-17
- Rebuild in current environment
- [-16 never existed because of build system breakage]
* Wed Apr 17 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.1.14-15
- Fix bug #63387
* Mon Apr 15 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.1.14-14
- Fix dangling symlink created by samba-clients trigger
* Wed Apr 10 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.1.14-13
- Add desktop file and icon for CUPS configuration
* Wed Apr 3 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.1.14-12
- Support SMB printing (#62407)
- Add HTML redirections to doc files to work around users mistaking
/usr/share/doc/cups-1.1.14 for the web frontend (#62405)
* Tue Apr 2 2002 Bill Nottingham <notting(a)redhat.com> 1.1.14-11
- fix subsys in initscript (#59206)
- don't strip binaries
* Mon Mar 11 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.1.14-10
- Make initscript use killproc instead of killall
* Fri Mar 8 2002 Bill Nottingham <notting(a)redhat.com> 1.1.14-9
- use alternatives --initscript support
* Mon Mar 4 2002 Bill Nottingham <notting(a)redhat.com> 1.1.14-8
- use the right path for the lpc man page, duh
* Thu Feb 28 2002 Bill Nottingham <notting(a)redhat.com> 1.1.14-7
- lpc man page is alternative too
- run ldconfig in -libs %post/%postun, not main
- remove alternatives in %preun
* Wed Feb 27 2002 Bill Nottingham <notting(a)redhat.com> 1.1.14-6
- don't source /etc/sysconfig/network in cups.init, we don't use any
values from it
* Tue Feb 26 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.1.14-4
- Fix bugs #60220 and #60352
* Thu Feb 21 2002 Tim Powers <timp(a)redhat.com>
- rebuild against correct version of openssl (0.9.6b)
* Wed Feb 20 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.1.14-2
- Add all man pages to alternatives (#59943)
- Update to real 1.1.14
* Tue Feb 12 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.1.14-1
- Update to almost-1.1.14
* Mon Feb 11 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.1.13-5
- Move cups-config to cups-devel subpackage
- Make alternatives usage a %%define to simplify builds for earlier
releases
- Explicitly provide things we're supplying through alternatives
to shut up kdeutils dependencies
* Tue Feb 5 2002 Tim Powers <timp(a)redhat.com>
- shut the alternatives stuff up for good
* Fri Feb 1 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.1.13-3
- Fix alternatives stuff
- Don't display error messages in %%post
* Wed Jan 30 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.1.13-2
- alternatives stuff
* Tue Jan 29 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.1.13-1
- 1.1.13
- Add patch for koi8-{r,u} and iso8859-8 encodings (#59018)
- Rename init scripts so we can safely "killall cupsd" from there
* Sat Jan 26 2002 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.1.12-1
- Initial (conflicting, since alternatives isn't there yet) packaging for
Red Hat Linux
* Sat Jan 19 2002 Bernhard Rosenkraenzer <bero(a)redhat.com>
- 1.1.12
* Mon Nov 5 2001 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.1.10-3
- Compress PPD files
- Fix build with gcc 3.1
- Fix init script
* Tue Sep 4 2001 Bernhard Rosenkraenzer <bero(a)redhat.com> 1.1.10-2
- Fix URL
- Generate printcap
- s/Copyright/License/g
* Tue Sep 4 2001 Than Ngo <than(a)redhat.com> 1.1.10-1
- update to 1.1.10-1 for ExtraBinge 7.2
* Tue May 29 2001 Michael Stefaniuc <mstefani(a)redhat.com>
- update to 1.1.8
- changed cupsd.conf to generate /etc/printcap
* Tue May 15 2001 Than Ngo <than(a)redhat.com>
- update to 1.1.7, bugfixes
* Thu Dec 14 2000 Than Ngo <than(a)redhat.com>
- fixed package dependency with lpr and LPRng
* Wed Oct 25 2000 Than Ngo <than(a)redhat.com>
- remove man/cat
* Tue Oct 24 2000 Than Ngo <than(a)redhat.com>
- don't start cupsd service in level 0, fixed
* Thu Oct 19 2000 Than Ngo <than(a)redhat.com>
- update to 1.1.4
- fix CUPS_DOCROOT (Bug #18717)
* Fri Aug 11 2000 Than Ngo <than(a)redhat.de>
- update to 1.1.2 (Bugfix release)
* Fri Aug 4 2000 Than Ngo <than(a)redhat.de>
- fix, cupsd read config file under /etc/cups (Bug #15432)
- add missing cups filters
* Wed Aug 2 2000 Tim Powers <timp(a)redhat.com>
- rebuilt against libpng-1.0.8
* Tue Aug 01 2000 Than Ngo <than(a)redhat.de>
- fix permission, add missing ldconfig in %post and %postun (Bug #14963)
* Sat Jul 29 2000 Bernhard Rosenkraenzer <bero(a)redhat.com>
- 1.1.1 (this has some major bugfixes)
- Fix a typo in initscript (it's $?, not ?$)
- Fix /usr/etc vs. /etc trouble, don't insist on /usr/var (YUCK!)
- Create the spool dir
* Fri Jul 28 2000 Than Ngo <than(a)redhat.de>
- fix unclean code for building against gcc-2.96
- add missing restart function in startup script
* Fri Jul 28 2000 Tim Powers <timp(a)redhat.com>
- fixed initscript so that conrestart doesn't return 1 if the test fails
* Mon Jul 24 2000 Prospector <prospector(a)redhat.com>
- rebuilt
* Wed Jul 19 2000 Than Ngo <than(a)redhat.de>
- using service to fire them up
- fix Prereq section
* Mon Jul 17 2000 Tim Powers <timp(a)redhat.com>
- added defattr to the devel package
* Sun Jul 16 2000 Than Ngo <than(a)redhat.de>
- add cups config files
* Sat Jul 15 2000 Than Ngo <than(a)redhat.de>
- update to 1.1 release
- move back to /etc/rc.d/init.d
- fix cupsd.init to work with /etc/init.d and /etc/rc.d/init.d
- split cups
* Wed Jul 12 2000 Than Ngo <than(a)redhat.de>
- rebuilt
* Thu Jul 06 2000 Tim Powers <timp(a)redhat.com>
- fixed broken PreReq to now require /etc/init.d
* Tue Jun 27 2000 Tim Powers <timp(a)redhat.com>
- PreReq initscripts >= 5.20
* Mon Jun 26 2000 Tim Powers <timp(a)redhat.com>
- started changelog
- fixed init.d script location
- changed script in init.d quite a bit and made more like the rest of our
startup scripts
18 years, 10 months
- 1
- 0
[WIP][PATCH] Audit inotify client
by Amy Griffis
Hello,
This patch allows audit to operate as an inotify client.
It adds a list of parents, which represent the dentry parents of the
filesystem locations to be watched. When created, a parent registers
an inotify watch on itself. If all the audit rules corresponding to a
parent are removed by the admin, the parent removes its inotify watch
before it is destroyed.
Audit's inotify callback, audit_handle_fsevent(), is called following
a specified group of inotify events. These events translate to one of
two activities for audit. It may update rules in the syscall exit
filterlist with a new inode number or the value -1, or it may
implicitly remove all watches and rules associated with a particular
parent (that has been removed from the filesystem).
The patch is based off of Al Viro's audit git tree, applying after
these previously posted patches:
audit rule interface changes:
http://www.redhat.com/archives/linux-audit/2006-January/msg00064.html
http://www.redhat.com/archives/linux-audit/2006-January/msg00082.html
inotify kernel api:
https://www.redhat.com/archives/linux-audit/2006-January/msg00084.html
This patch is still a work in progress. There are a couple of race
conditions that need to be properly handled, as well as some
additional synchronization needed for concurrent manipulations of the
filterlist (list_del_rcu, list_update_rcu, etc.). For this I'm
planning to add a per-element spinlock to be taken for list
manipulations only.
Before finishing up these last pieces, I wanted to post my current
work for comments on the locking approach. Please have a look and let
me know what you think.
Thanks,
Amy
diff --git a/kernel/audit.c b/kernel/audit.c
index bdda766..e8b6b8f 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -55,6 +55,9 @@
#include <net/netlink.h>
#include <linux/skbuff.h>
#include <linux/netlink.h>
+#include <linux/inotify.h>
+
+#include "audit.h"
/* No auditing will take place until audit_initialized != 0.
* (Initialization happens after skb_init is called.) */
@@ -99,6 +102,9 @@ static atomic_t audit_lost = ATOMIC_I
/* The netlink socket. */
static struct sock *audit_sock;
+/* Inotify device. */
+struct inotify_device *audit_idev;
+
/* The audit_freelist is a list of pre-allocated audit buffers (if more
* than AUDIT_MAXFREE are in use, the audit buffer is freed instead of
* being placed on the freelist). */
@@ -564,6 +570,11 @@ static int __init audit_init(void)
audit_initialized = 1;
audit_enabled = audit_default;
audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized");
+
+ audit_idev = inotify_init(audit_handle_fsevent);
+ if (IS_ERR(audit_idev))
+ audit_panic("cannot initialize inotify device");
+
return 0;
}
__initcall(audit_init);
diff --git a/kernel/audit.h b/kernel/audit.h
index 5033e1f..e6a3135 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -22,6 +22,8 @@
#include <linux/fs.h>
#include <linux/audit.h>
+struct inotify_event;
+
/* 0 = no checking
1 = put_count checking
2 = verbose put_count checking
@@ -52,10 +54,22 @@ enum audit_state {
};
/* Rule lists */
+struct audit_parent {
+ atomic_t count; /* reference count */
+ unsigned long ino; /* associated inode number */
+ u32 wd; /* inotify watch descriptor */
+ struct list_head mlist; /* entry in master_parents */
+ struct list_head watches; /* associated watches */
+ struct semaphore watches_sem; /* protects parent's watches list*/
+};
+
struct audit_watch {
+ atomic_t count; /* reference count */
char *path; /* watch insertion path */
- struct list_head mlist; /* entry in master_watchlist */
struct list_head rules; /* associated rules */
+ struct semaphore rules_sem; /* protects watch's rules list */
+ struct list_head wlist; /* entry in audit_parent.watches list*/
+ struct audit_parent *parent; /* associated parent */
};
struct audit_field {
@@ -86,7 +100,9 @@ struct audit_entry {
extern int audit_pid;
extern int audit_comparator(const u32 left, const u32 op, const u32 right);
-
+extern void audit_handle_fsevent(struct inotify_event *event,
+ const char *name, struct inode * inode,
+ void *ptr);
extern void audit_send_reply(int pid, int seq, int type,
int done, int multi,
void *payload, int size);
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 6506084..dbe0c98 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -25,6 +25,7 @@
#include <linux/fs.h>
#include <linux/namei.h>
#include <linux/netlink.h>
+#include <linux/inotify.h>
#include "audit.h"
/* There are three lists of rules -- one to search at task creation
@@ -42,7 +43,84 @@ struct list_head audit_filter_list[AUDIT
#endif
};
-static LIST_HEAD(master_watchlist);
+static LIST_HEAD(master_parents);
+static DEFINE_SPINLOCK(master_parents_lock);
+
+/* Inotify device. */
+extern struct inotify_device *audit_idev;
+
+/* Inotify events we care about. */
+#define AUDIT_FSEVENTS IN_MOVE|IN_CREATE|IN_DELETE|IN_DELETE_SELF|IN_MOVE_SELF
+
+static inline void audit_get_parent(struct audit_parent *parent)
+{
+ atomic_inc(&parent->count);
+}
+
+static inline void audit_put_parent(struct audit_parent *parent)
+{
+ if (atomic_dec_and_test(&parent->count))
+ kfree(parent);
+}
+
+static inline void audit_get_watch(struct audit_watch *watch)
+{
+ atomic_inc(&watch->count);
+}
+
+static inline void audit_put_watch(struct audit_watch *watch)
+{
+ if (atomic_dec_and_test(&watch->count)) {
+ if (watch->parent)
+ audit_put_parent(watch->parent);
+ kfree(watch->path);
+ kfree(watch);
+ }
+}
+
+/* Initialize a parent watch entry. Caller must pin inode (via nameidata). */
+static inline struct audit_parent *audit_init_parent(struct inode *inode)
+{
+ struct audit_parent *parent;
+ u32 wd;
+
+ parent = kmalloc(sizeof(*parent), GFP_KERNEL);
+ if (unlikely(!parent))
+ return ERR_PTR(-ENOMEM);
+
+ INIT_LIST_HEAD(&parent->watches);
+ init_MUTEX(&parent->watches_sem);
+ atomic_set(&parent->count, 0);
+ parent->ino = inode->i_ino;
+ audit_get_parent(parent);
+
+ wd = inotify_add_watch(audit_idev, inode, AUDIT_FSEVENTS, parent);
+ if (wd < 0) {
+ audit_put_parent(parent);
+ return ERR_PTR(wd);
+ }
+ parent->wd = wd;
+
+ return parent;
+}
+
+/* Initialize a watch entry. */
+static inline struct audit_watch *audit_init_watch(char *path)
+{
+ struct audit_watch *watch;
+
+ watch = kmalloc(sizeof(*watch), GFP_KERNEL);
+ if (unlikely(!watch))
+ return ERR_PTR(-ENOMEM);
+
+ INIT_LIST_HEAD(&watch->rules);
+ init_MUTEX(&watch->rules_sem);
+ atomic_set(&watch->count, 0);
+ watch->path = path;
+ audit_get_watch(watch);
+
+ return watch;
+}
/* Unpack a filter field's string representation from user-space
* buffer. */
@@ -75,7 +153,6 @@ static char *audit_unpack_string(void **
static int audit_to_watch(char *path, struct audit_krule *krule, int fidx)
{
struct audit_field *f = &krule->fields[fidx];
- struct nameidata nd;
struct audit_watch *watch;
if (path[0] != '/' || path[f->val-1] == '/' ||
@@ -83,17 +160,13 @@ static int audit_to_watch(char *path, st
f->op & ~AUDIT_EQUAL)
return -EINVAL;
- if (path_lookup(path, 0, &nd) == 0)
- f->val = nd.dentry->d_inode->i_ino;
- else
- f->val = (unsigned int)-1;
- path_release(&nd);
+ watch = audit_init_watch(path);
+ if (unlikely(IS_ERR(watch)))
+ return PTR_ERR(watch);
- watch = kmalloc(sizeof(*watch), GFP_KERNEL);
- if (unlikely(!watch))
- return -ENOMEM;
- watch->path = path;
+ audit_get_watch(watch);
krule->watch = watch;
+ f->val = (unsigned int)-1;
return 0;
}
@@ -325,7 +398,7 @@ static inline int audit_compare_watch(st
* don't match. */
static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b)
{
- int i;
+ int i, nomatch;
if (a->flags != b->flags ||
a->listnr != b->listnr ||
@@ -340,7 +413,8 @@ static int audit_compare_rule(struct aud
switch(a->fields[i].type) {
case AUDIT_WATCH:
- if (audit_compare_watch(a->watch, b->watch))
+ nomatch = audit_compare_watch(a->watch, b->watch);
+ if (nomatch)
return 1;
break;
default:
@@ -356,36 +430,184 @@ static int audit_compare_rule(struct aud
return 0;
}
-static inline void audit_free_watch(struct audit_watch *watch)
+static inline void audit_free_rule(struct audit_entry *e)
{
- kfree(watch->path);
- kfree(watch);
+ if (e->rule.watch)
+ audit_put_watch(e->rule.watch);
+ kfree(e);
}
-static inline void audit_free_rule(struct rcu_head *head)
+static inline void audit_free_rule_rcu(struct rcu_head *head)
{
struct audit_entry *e = container_of(head, struct audit_entry, rcu);
- kfree(e);
+ audit_free_rule(e);
+}
+
+static void audit_update_field(struct audit_krule *krule, u32 type, u32 val)
+{
+ int i;
+ struct audit_entry *old_e, *entry;
+
+ for (i = 0; i < AUDIT_MAX_FIELDS; i++)
+ if (krule->fields[i].type == type) {
+ entry = kmalloc(sizeof(*entry), GFP_KERNEL);
+ if (unlikely(!entry))
+ return; /* XXX */
+
+ old_e = container_of(krule, struct audit_entry, rule);
+ memcpy(entry, old_e, sizeof(struct audit_entry));
+ entry->rule.fields[i].val = val;
+
+ list_replace_rcu(&old_e->list, &entry->list);
+ call_rcu(&old_e->rcu, audit_free_rule_rcu);
+ return;
+ }
+}
+
+static inline void audit_handle_update(struct audit_parent *parent,
+ const char *name, u32 ino)
+{
+ struct audit_watch *w;
+ struct audit_krule *r;
+
+ audit_get_parent(parent);
+ down(&parent->watches_sem);
+ list_for_each_entry(w, &parent->watches, wlist) {
+ audit_get_watch(w);
+ if (strcmp(w->path, name)) { /* XXX */
+ audit_put_watch(w);
+ continue;
+ }
+
+ down(&w->rules_sem);
+ list_for_each_entry(r, &w->rules, rlist)
+ audit_update_field(r, AUDIT_WATCH, ino);
+ up(&w->rules_sem);
+ audit_put_watch(w);
+ }
+ up(&parent->watches_sem);
+ audit_put_parent(parent);
}
-/* Attach krule's watch to master_watchlist, using existing watches
- * when possible. */
-static inline void audit_add_watch(struct audit_krule *krule)
+static inline void audit_handle_removal(struct audit_parent *parent)
{
struct audit_watch *w;
+ struct audit_krule *r;
+ struct audit_entry *e;
+
+ audit_get_parent(parent);
+ down(&parent->watches_sem);
+ list_for_each_entry(w, &parent->watches, wlist) {
+ audit_get_watch(w);
+ down(&w->rules_sem);
+ list_for_each_entry(r, &w->rules, rlist) {
+ e = container_of(r, struct audit_entry, rule);
+ list_del_rcu(&e->list);
+ call_rcu(&e->rcu, audit_free_rule_rcu);
+ }
+ up(&w->rules_sem);
+ audit_put_watch(w);
+ }
+ spin_lock(&master_parents_lock);
+ list_del(&parent->mlist);
+ spin_unlock(&master_parents_lock);
+ up(&parent->watches_sem);
+ audit_put_parent(parent);
+
+}
- list_for_each_entry(w, &master_watchlist, mlist) {
- if (audit_compare_watch(w, krule->watch))
+void audit_handle_fsevent(struct inotify_event *event, const char *name,
+ struct inode *inode, void *ptr)
+{
+ struct audit_parent *parent = (struct audit_parent *)ptr;
+
+ if (event->mask & (IN_CREATE|IN_MOVED_TO) && inode)
+ audit_handle_update(parent, name, (unsigned int)inode->i_ino);
+ else if (event->mask & (IN_DELETE|IN_MOVED_FROM))
+ audit_handle_update(parent, name, (unsigned int)-1);
+ else if (event->mask & (IN_DELETE_SELF|IN_MOVE_SELF))
+ audit_handle_removal(parent);
+}
+
+/* Find an existing parent entry for this watch, or create a new one. */
+static inline struct audit_parent *audit_find_parent(struct inode *inode)
+{
+ struct audit_parent *p, *next, *parent;
+
+ list_for_each_entry_safe(p, next, &master_parents, mlist) {
+ if (p->ino != inode->i_ino)
continue;
- audit_free_watch(krule->watch);
- krule->watch = w;
- list_add(&krule->rlist, &w->rules);
- return;
- }
- INIT_LIST_HEAD(&krule->watch->rules);
- list_add(&krule->rlist, &krule->watch->rules);
- list_add(&krule->watch->mlist, &master_watchlist);
+ audit_get_parent(p); /* hold ref until we take watches_sem */
+ parent = p;
+ goto out;
+ }
+
+ parent = audit_init_parent(inode);
+ if (unlikely(IS_ERR(parent)))
+ goto out;
+
+ audit_get_parent(parent); /* hold ref until we take watches_sem */
+
+ spin_lock(&master_parents_lock);
+ list_add(&parent->mlist, &master_parents);
+ spin_unlock(&master_parents_lock);
+
+out:
+ return parent;
+}
+
+/* Find a matching watch entry, or add this one. */
+static inline int audit_add_watch(struct audit_krule *krule)
+{
+ struct nameidata nd;
+ struct audit_parent *parent;
+ struct audit_watch *w, *watch = krule->watch;
+ int ret = 0;
+
+ ret = path_lookup(watch->path, LOOKUP_PARENT, &nd);
+ if (ret)
+ goto out;
+
+ parent = audit_find_parent(nd.dentry->d_inode);
+ if (IS_ERR(parent)) {
+ ret = PTR_ERR(parent);
+ path_release(&nd);
+ goto out;
+ }
+ path_release(&nd);
+
+ down(&parent->watches_sem);
+ audit_put_parent(parent);
+ list_for_each_entry(w, &parent->watches, wlist) {
+ if (audit_compare_watch(watch, w))
+ continue;
+
+ audit_put_watch(watch); /* krule's ref */
+ audit_put_watch(watch); /* destroy */
+
+ audit_get_watch(w);
+ krule->watch = watch = w;
+ goto add_rule;
+ }
+
+ audit_get_parent(parent);
+ watch->parent = parent;
+ list_add(&watch->wlist, &parent->watches);
+
+add_rule:
+ down(&watch->rules_sem);
+ list_add(&krule->rlist, &watch->rules);
+ up(&watch->rules_sem);
+ up(&parent->watches_sem);
+
+ if (path_lookup(watch->path, 0, &nd) == 0)
+ audit_update_field(krule, AUDIT_WATCH,
+ nd.dentry->d_inode->i_ino);
+ path_release(&nd);
+
+out:
+ return ret;
}
/* Add rule to given filterlist if not a duplicate. Protected by
@@ -394,16 +616,25 @@ static inline int audit_add_rule(struct
struct list_head *list)
{
struct audit_entry *e;
+ int err;
- /* Do not use the _rcu iterator here, since this is the only
- * addition routine. */
- list_for_each_entry(e, list, list) {
- if (!audit_compare_rule(&entry->rule, &e->rule))
- return -EEXIST;
+ /* The *_rcu iterator is needed to protect from filesystem
+ * updates or removals. */
+ rcu_read_lock();
+ list_for_each_entry_rcu(e, list, list) {
+ if (!audit_compare_rule(&entry->rule, &e->rule)) {
+ rcu_read_unlock();
+ err = -EEXIST;
+ goto error;
+ }
}
+ rcu_read_unlock();
- if (entry->rule.watch)
- audit_add_watch(&entry->rule);
+ if (entry->rule.watch) {
+ err = audit_add_watch(&entry->rule);
+ if (err)
+ goto error;
+ }
if (entry->rule.flags & AUDIT_FILTER_PREPEND) {
list_add_rcu(&entry->list, list);
} else {
@@ -411,20 +642,48 @@ static inline int audit_add_rule(struct
}
return 0;
+
+error:
+ if (entry->rule.watch)
+ audit_put_watch(entry->rule.watch);
+ return err;
}
-/* Detach watch from krule, freeing if it has no associated rules. */
-static inline void audit_detach_watch(struct audit_krule *krule)
+/* Remove given krule from watch */
+static inline void audit_remove_watch_krule(struct audit_krule *krule)
{
struct audit_watch *watch = krule->watch;
+ struct audit_parent *parent = krule->watch->parent;
+
+ audit_get_parent(parent);
+ audit_get_watch(watch);
+
+ down(&parent->watches_sem);
+ down(&watch->rules_sem);
- list_del(&krule->rlist);
- krule->watch = NULL;
+ if (!list_empty(&watch->rules))
+ list_del(&krule->rlist);
if (list_empty(&watch->rules)) {
- list_del(&watch->mlist);
- audit_free_watch(watch);
+ if (!list_empty(&parent->watches))
+ list_del(&watch->wlist);
+
+ if (list_empty(&parent->watches)) {
+ spin_lock(&master_parents_lock);
+ list_del(&parent->mlist);
+ spin_unlock(&master_parents_lock);
+
+ inotify_ignore(audit_idev, parent->wd);
+ audit_put_parent(parent);
+ }
+ audit_put_watch(watch);
}
+
+ up(&watch->rules_sem);
+ up(&parent->watches_sem);
+
+ audit_put_watch(watch);
+ audit_put_parent(parent);
}
/* Remove an existing rule from filterlist. Protected by
@@ -433,19 +692,29 @@ static inline int audit_del_rule(struct
struct list_head *list)
{
struct audit_entry *e;
+ int ret = 0;
- /* Do not use the _rcu iterator here, since this is the only
- * deletion routine. */
- list_for_each_entry(e, list, list) {
- if (!audit_compare_rule(&entry->rule, &e->rule)) {
- list_del_rcu(&e->list);
- if (e->rule.watch)
- audit_detach_watch(&e->rule);
- call_rcu(&e->rcu, audit_free_rule);
- return 0;
- }
+ /* The *_rcu iterator is needed to protect from filesystem
+ * updates or removals. */
+ rcu_read_lock();
+ list_for_each_entry_rcu(e, list, list) {
+ if (audit_compare_rule(&entry->rule, &e->rule))
+ continue;
+
+ rcu_read_unlock();
+ if (e->rule.watch)
+ audit_remove_watch_krule(&e->rule);
+ list_del_rcu(&e->list);
+ call_rcu(&e->rcu, audit_free_rule_rcu);
+ goto out;
}
- return -ENOENT; /* No matching rule */
+ rcu_read_unlock();
+ ret = -ENOENT; /* No matching rule */
+
+out:
+ if (entry->rule.watch)
+ audit_put_watch(entry->rule.watch);
+ return ret;
}
/* List rules using struct audit_rule. Exists for backward
@@ -463,10 +732,11 @@ static int audit_list(void *_dest)
down(&audit_netlink_sem);
- /* The *_rcu iterators not needed here because we are
- always called with audit_netlink_sem held. */
+ /* The *_rcu iterator is needed to protect from filesystem
+ * updates or removals. */
for (i=0; i<AUDIT_NR_FILTERS; i++) {
- list_for_each_entry(entry, &audit_filter_list[i], list) {
+ rcu_read_lock();
+ list_for_each_entry_rcu(entry, &audit_filter_list[i], list) {
struct audit_rule *rule;
rule = audit_krule_to_rule(&entry->rule);
@@ -476,6 +746,7 @@ static int audit_list(void *_dest)
rule, sizeof(*rule));
kfree(rule);
}
+ rcu_read_unlock();
}
audit_send_reply(pid, seq, AUDIT_LIST, 1, 1, NULL, 0);
@@ -497,10 +768,11 @@ static int audit_list_rules(void *_dest)
down(&audit_netlink_sem);
- /* The *_rcu iterators not needed here because we are
- always called with audit_netlink_sem held. */
+ /* The *_rcu iterator is needed to protect from filesystem
+ * updates or removals. */
for (i=0; i<AUDIT_NR_FILTERS; i++) {
- list_for_each_entry(e, &audit_filter_list[i], list) {
+ rcu_read_lock();
+ list_for_each_entry_rcu(e, &audit_filter_list[i], list) {
struct audit_rule_data *data;
data = audit_krule_to_data(&e->rule);
@@ -510,6 +782,7 @@ static int audit_list_rules(void *_dest)
data, sizeof(*data) + data->buflen);
kfree(data);
}
+ rcu_read_unlock();
}
audit_send_reply(pid, seq, AUDIT_LIST_RULES, 1, 1, NULL, 0);
@@ -574,11 +847,8 @@ int audit_receive_filter(int type, int p
if (!err)
audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
"auid=%u added an audit rule\n", loginuid);
- else {
- if (entry->rule.watch)
- audit_free_watch(entry->rule.watch);
- kfree(entry);
- }
+ else
+ audit_free_rule(entry);
break;
case AUDIT_DEL:
case AUDIT_DEL_RULE:
@@ -594,9 +864,7 @@ int audit_receive_filter(int type, int p
if (!err)
audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
"auid=%u removed an audit rule\n", loginuid);
- if (entry->rule.watch)
- audit_free_watch(entry->rule.watch);
- kfree(entry);
+ audit_free_rule(entry);
break;
default:
return -EINVAL;
18 years, 10 months
- 1
- 0
audit 1.0.14 released
by Steve Grubb
Hi,
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit It currently in FC-4 testing now.
The Changelog is:
- Change auditd to use custom daemonize to avoid race in init scripts
- Update error message when deleting a rule that doesn't exist (#176239)
Please let me if there are any issues with this.
-Steve
18 years, 10 months
- 1
- 0
Re: SELinux Context Label based audit filtering
by Dustin Kirkland
On Fri, 2006-02-03 at 12:44 -0500, Stephen Smalley wrote:
> Having some email difficulties from my usual address, so to quickly
> respond to your questions off-list:
'When at first you don't succeed, try Gmail' :) Words to live by.
> 1) MLS level/range translation is already config-file based, see
> setrans.conf in /etc/selinux/$SELINUXTYPE/setrans.conf (where
> SELINUXTYPE is the policy type defined in /etc/selinux/config).
> libsetrans is what reads that file and provides interfaces for
> translating contexts. libselinux uses libsetrans if present to
> translate all contexts entering or exiting its interfaces to provide
> transparent translation to applications, but in your case, you are
> doing explicit translation of specific fields, so you likely want
> direct libsetrans interfaces.
I see now. This sounds like a sound, sane, easily-configurable approach.
> 2) My point about the delayed asking for contexts for SIDs was simply
> that under the proposed scheme, you don't pre-generate the contexts
> and attach them to the audit context; you only save the SIDs in it,
> and then only generate full contexts if all filters pass and you
> decide to generate an audit message. But that could be an issue since
> allocation could then fail for the context.
And carrying around these SIDs as opposed to the string contexts should
provide enough of an efficiency benefit to merit reworking it as you
propose?
> 3) I might be wrong about being able to completely avoid allocation
> and copying for the user/role/type strings, because of the policy
> reload issue; the old val_to_name arrays would be destroyed upon a
> policy reload. So we might need to perform allocation and copying of
> those (small) strings.
Ok, so requesting from SELinux the individual user or role or type
string as opposed to getting the entire label and having audit slice and
dice it up? If that's what you mean, I may be able to salvage a good
bit of my patch, which would be nice.
> 4) Not sure about how much time I have to dive into this; I can work
> on it some, but I have a constant flow of patches coming my way to
> deal with over on selinux list, and I also have a lot of meetings next
> week (unfortunately), so I'm hesitant to put myself on the critical
> path for this (but in the end, I may have to).
Ok, I understand. I think Steve was going to talk to James Morris to
see if he has any cycles. Otherwise, I'll start looking into it on
Monday. I'm just afraid that in the time it will take you and others to
review my code for these new SElinux api's, you might have been able to
write better api's anyway.
:-Dustin
18 years, 10 months
- 2
- 3
[PATCH 0/2] SELinux Context Label based audit filtering
by Dustin Kirkland
The following two patches provide filtering of audit messages based on
any element of an SELinux context label (user, role, type, category,
sensitivity). The first patch provides the kernel enhancements and the
second patch provides user space enhancements.
This functionality is required for certification by RBAC FAU_SEL.1.1(b)
(Selective Audit), pasted here for reference:
FAU_SEL.1 Selective Audit
FAU_SEL.1.1 The TSF shall be able to include or exclude auditable events
from the set of audited events based on the following attributes:
(a) Object identity, user identity, subject identity, host identity, and
event type
(b) Users belonging to a specified Role and Access types (e.g. delete,
insert) on a particular object
The LSPP/RBACPP certification efforts have taken SELinux roles to
sufficiently satisfy RBAC's dependencies on role labels. An SELinux
label, however, contains additional object classifying elements. Only
incremental effort beyond my original work to add role-based audit
message filtering resulted in the ability for administrators to filter
based on any part of the SELinux label. I expect that functionality to
generally useful and probably expected by users who would have the
ability to filter on roles.
Additionally, I extended my previous work on audit comparators support
to apply to strings, such that label elements may be compared with (=, !
=, >=, <=, >, <). Although supported, the fact that "user_u">"root" is
less useful, than, say "s1"<"s3". Simply the fact that such comparators
are supported should reduce the complexity of some esoteric ranges
various users of audit might require.
These patches make use of the new audit_rule_data structure put forth by
Amy Griffis, which I have been testing extensively during my
development. Her patches are required in order to pass arbitrary length
strings as part of the audit rules to and from the kernel. My patches
depend on two patches she posted on this list (linux-audit(a)redhat.com),
and are identified in the following two messages.
:-Dustin
18 years, 11 months
- 1
- 0
[RFC] libaudit string fields interface
by Amy Griffis
Hello,
Here is a patch against libaudit which adds support for the new
netlink message types and data structure used to specify audit rules
with string fields.
I've been using this patch to test my kernel changes. Hopefully it
can be of some use in adding the remainder of the necessary support to
the audit userspace tools.
Regards,
Amy
diff --git a/lib/libaudit.c b/lib/libaudit.c
index 08cbc9e..c275400 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -234,6 +234,15 @@ int audit_request_rules_list(int fd)
return rc;
}
+int audit_list_rules_data(int fd)
+{
+ int rc = audit_send(fd, AUDIT_LIST_RULES, NULL, 0);
+ if (rc < 0)
+ audit_msg(LOG_WARNING, "Error sending rule list request (%s)",
+ strerror(-rc));
+ return rc;
+}
+
int audit_request_signal_info(int fd)
{
int rc = audit_send(fd, AUDIT_SIGNAL_INFO, NULL, 0);
@@ -338,6 +347,31 @@ int audit_delete_rule(int fd, struct aud
return rc;
}
+int audit_add_rule_data(int fd, struct audit_rule_data *rule)
+{
+ int rc;
+ unsigned int size = sizeof(*rule) + rule->buflen;
+
+ rc = audit_send(fd, AUDIT_ADD_RULE, rule, size);
+ if (rc < 0)
+ audit_msg(LOG_WARNING,
+ "Error sending add rule request (%s)",
+ strerror(-rc));
+ return rc;
+}
+
+int audit_del_rule_data(int fd, struct audit_rule_data *rule)
+{
+ int rc;
+ unsigned int size = sizeof(*rule) + rule->buflen;
+
+ rc = audit_send(fd, AUDIT_DEL_RULE, rule, size);
+ if (rc < 0)
+ audit_msg(LOG_WARNING,
+ "Error sending delete rule request (%s)",
+ strerror(-rc));
+ return rc;
+}
/*
* This function will retreive the loginuid or -1 if there
diff --git a/lib/libaudit.h b/lib/libaudit.h
index a35fd1c..8b2e059 100644
--- a/lib/libaudit.h
+++ b/lib/libaudit.h
@@ -274,6 +274,7 @@ struct audit_reply {
union {
struct audit_status *status;
struct audit_rule *rule;
+ struct audit_rule_data *ruledata;
struct audit_login *login;
const char *message;
struct nlmsgerr *error;
@@ -348,6 +349,7 @@ extern int audit_set_backlog_limit(int
/* AUDIT_LIST */
extern int audit_request_rules_list(int fd);
extern int audit_request_watch_list(int fd);
+extern int audit_list_rules_data(int fd);
/* SIGNAL_INFO */
extern int audit_request_signal_info(int fd);
@@ -359,10 +361,12 @@ extern int audit_remove_watch(int fd, st
/* AUDIT_ADD */
extern int audit_add_rule(int fd, struct audit_rule *rule,
int flags, int action);
+extern int audit_add_rule_data(int fd, struct audit_rule_data *rule);
/* AUDIT_DEL */
extern int audit_delete_rule(int fd, struct audit_rule *rule,
int flags, int action);
+extern int audit_del_rule_data(int fd, struct audit_rule_data *rule);
// These are deprecated...do not use.
extern int audit_send_message(int fd, int type, const char *message);//private
diff --git a/lib/netlink.c b/lib/netlink.c
index e418d12..806e35d 100644
--- a/lib/netlink.c
+++ b/lib/netlink.c
@@ -163,6 +163,7 @@ static int adjust_reply(struct audit_rep
rep->status = NLMSG_DATA(rep->nlh);
break;
case AUDIT_LIST:
+ case AUDIT_LIST_RULES:
rep->rule = NLMSG_DATA(rep->nlh);
break;
case AUDIT_USER:
diff --git a/src/auditd.c b/src/auditd.c
index 2ec6d7e..924a0c7 100644
--- a/src/auditd.c
+++ b/src/auditd.c
@@ -389,6 +389,7 @@ int main(int argc, char *argv[])
case NLMSG_ERROR:
case AUDIT_GET: /* Or these */
case AUDIT_LIST:
+ case AUDIT_LIST_RULES:
case AUDIT_FIRST_DAEMON...AUDIT_LAST_DAEMON:
break;
case AUDIT_SIGNAL_INFO:
18 years, 11 months
- 2
- 1