Re: [ARCHIVE DEBUG 03/13] audit_debug: proc instrumentation

What is the permissions on this? Who can view it?

-Steve On Thursday, October 22, 2015 02:58:49 PM Richard Guy Briggs wrote: > Add a /proc/audit entry for debugging to instrument many audit subsystem > internal parameters not normally visible. > > Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com&gt; > --- > include/linux/skbuff.h | 16 ++++++++++++++++ > kernel/audit.c | 48 > ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 64 > insertions(+), 0 deletions(-) > > diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h > index f54d665..bcde922 100644 > --- a/include/linux/skbuff.h > +++ b/include/linux/skbuff.h > @@ -180,6 +180,7 @@ struct sk_buff_head { > > __u32 qlen; > spinlock_t lock; > + __u32 qlen_max; > }; > > struct sk_buff; > @@ -1301,6 +1302,11 @@ static inline __u32 skb_queue_len(const struct > sk_buff_head *list_) return list_->qlen; > } > > +static inline __u32 skb_queue_len_max(const struct sk_buff_head *list_) > +{ > + return list_->qlen_max; > +} > + > /** > * __skb_queue_head_init - initialize non-spinlock portions of sk_buff_head > * @list: queue to initialize > @@ -1354,6 +1360,8 @@ static inline void __skb_insert(struct sk_buff *newsk, > newsk->prev = prev; > next->prev = prev->next = newsk; > list->qlen++; > + if(list->qlen > list->qlen_max) > + list->qlen_max = list->qlen; > } > > static inline void __skb_queue_splice(const struct sk_buff_head *list, > @@ -1381,6 +1389,8 @@ static inline void skb_queue_splice(const struct > sk_buff_head *list, if (!skb_queue_empty(list)) { > __skb_queue_splice(list, (struct sk_buff *) head, head->next); > head->qlen += list->qlen; > + if(head->qlen > head->qlen_max) > + head->qlen_max = head->qlen; > } > } > > @@ -1397,6 +1407,8 @@ static inline void skb_queue_splice_init(struct > sk_buff_head *list, if (!skb_queue_empty(list)) { > __skb_queue_splice(list, (struct sk_buff *) head, head->next); > head->qlen += list->qlen; > + if(head->qlen > head->qlen_max) > + head->qlen_max = head->qlen; > __skb_queue_head_init(list); > } > } > @@ -1412,6 +1424,8 @@ static inline void skb_queue_splice_tail(const struct > sk_buff_head *list, if (!skb_queue_empty(list)) { > __skb_queue_splice(list, head->prev, (struct sk_buff *) head); > head->qlen += list->qlen; > + if(head->qlen > head->qlen_max) > + head->qlen_max = head->qlen; > } > } > > @@ -1429,6 +1443,8 @@ static inline void skb_queue_splice_tail_init(struct > sk_buff_head *list, if (!skb_queue_empty(list)) { > __skb_queue_splice(list, head->prev, (struct sk_buff *) head); > head->qlen += list->qlen; > + if(head->qlen > head->qlen_max) > + head->qlen_max = head->qlen; > __skb_queue_head_init(list); > } > } > diff --git a/kernel/audit.c b/kernel/audit.c > index d4e19fc..82df9fd 100644 > --- a/kernel/audit.c > +++ b/kernel/audit.c > @@ -124,6 +124,7 @@ u32 audit_sig_sid = 0; > 4) suppressed due to audit_backlog_limit > */ > static atomic_t audit_lost = ATOMIC_INIT(0); > +static atomic_t audit_hold_lost = ATOMIC_INIT(0); > > /* The netlink socket. */ > static struct sock *audit_sock; > @@ -381,7 +382,10 @@ static void audit_hold_skb(struct sk_buff *skb) > skb_queue_len(&audit_skb_hold_queue) < audit_backlog_limit)) > skb_queue_tail(&audit_skb_hold_queue, skb); > else > + { > kfree_skb(skb); > + atomic_inc(&audit_hold_lost); > + } > } > > /* > @@ -510,7 +514,10 @@ static void flush_hold_queue(void) > * dequeued an skb we need to drop ref > */ > if (skb) > + { > consume_skb(skb); > + atomic_inc(&audit_hold_lost); > + } > } > > static int kauditd_thread(void *dummy) > @@ -1174,6 +1181,45 @@ static struct pernet_operations audit_net_ops > __net_initdata = { .size = sizeof(struct audit_net), > }; > > +/* Display information about audit subsystem */ > +static int proc_auditstats_show(struct seq_file *m, void *v) > +{ > + //seq_printf(m, "audit_initialized\t%d\n", audit_initialized); > + //seq_printf(m, "audit_enabled\t%u\n", audit_enabled); > + //seq_printf(m, "audit_ever_enabled\t%u\n", audit_ever_enabled); > + //seq_printf(m, "audit_default\t%u\n", audit_default); > + //seq_printf(m, "audit_failure\t%u\n", audit_failure); > + seq_printf(m, "audit_pid\t\t\t%d\n", audit_pid); > + //seq_printf(m, "audit_nlk_portid\t%u\n", audit_nlk_portid); > + //seq_printf(m, "audit_rate_limit\t%u\n", audit_rate_limit); > + //seq_printf(m, "audit_backlog_limit\t%u\n", audit_backlog_limit); > + //seq_printf(m, "audit_backlog_wait_time\t%u\n", audit_backlog_wait_time); > + //seq_printf(m, "audit_sig_uid\t%u\n", from_kuid(&init_user_ns, > audit_sig_uid)); + //seq_printf(m, "audit_sig_pid\t%d\n", audit_sig_pid); > + //seq_printf(m, "audit_sig_sid\t%u\n", audit_sig_sid); > + seq_printf(m, "audit_lost\t\t\t%d\n", atomic_read(&audit_lost)); > + seq_printf(m, "audit_hold_lost\t\t\t%d\n", atomic_read(&audit_hold_lost)); > + seq_printf(m, "audit_freelist_count\t\t%u\n", audit_freelist_count); > + seq_printf(m, "audit_skb_queue len\t\t%d\n", > skb_queue_len(&audit_skb_queue)); + seq_printf(m, "audit_skb_queue > len_max\t\t%d\n", skb_queue_len_max(&audit_skb_queue)); + seq_printf(m, > "audit_skb_hold_queue len\t%d\n", skb_queue_len(&audit_skb_hold_queue)); > + seq_printf(m, "audit_skb_hold_queue len_max\t%d\n", > skb_queue_len_max(&audit_skb_hold_queue)); + > + return 0; > +} > + > +static int auditstats_open(struct inode *inode, struct file *file) > +{ > + return single_open(file, proc_auditstats_show, NULL); > +} > + > +static const struct file_operations proc_auditstats_operations = { > + .open = auditstats_open, > + .read = seq_read, > + .llseek = seq_lseek, > + .release = single_release, > +}; > + > /* Initialize audit support at boot time. */ > static int __init audit_init(void) > { > @@ -1197,6 +1243,8 @@ static int __init audit_init(void) > for (i = 0; i < AUDIT_INODE_BUCKETS; i++) > INIT_LIST_HEAD(&audit_inode_hash[i]); > > + proc_create("audit", 0, NULL, &proc_auditstats_operations); > + > return 0; > } > __initcall(audit_init); -- Linux-audit mailing list Linux-audit(a)redhat.com https://www.redhat.com/mailman/listinfo/linux-audit