3:02 p.m.
Steve, if this looks ok to you I will send to netdev.
I compiled and tested with and without CONFIG_AUDITSYSCALL.
-------------------------------------------------------------
This patch disables auditing in ipsec when CONFIG_AUDITSYSCALL
is disabled in the kernel.
This patch also includes a bug fix for xfrm_state.c as a result of original
ipsec audit patch.
Regards,
Joy
diff -urpN linux-2.6.18-patch/include/net/xfrm.h linux-2.6.18-patch.2/include/net/xfrm.h
--- linux-2.6.18-patch/include/net/xfrm.h 2006-11-27 12:29:11.000000000 -0600
+++ linux-2.6.18-patch.2/include/net/xfrm.h 2006-11-28 13:26:49.000000000 -0600
@@ -395,8 +395,13 @@ struct xfrm_audit
uid_t loginuid;
u32 secid;
};
-void xfrm_audit_log(uid_t auid, u32 secid, int type, int result,
+
+#ifdef CONFIG_AUDITSYSCALL
+extern void xfrm_audit_log(uid_t auid, u32 secid, int type, int result,
struct xfrm_policy *xp, struct xfrm_state *x);
+#else
+#define xfrm_audit_log(a,s,t,r,p,x) do { ; } while (0)
+#endif /* CONFIG_AUDITSYSCALL */
static inline void xfrm_pol_hold(struct xfrm_policy *policy)
{
diff -urpN linux-2.6.18-patch/net/xfrm/xfrm_policy.c
linux-2.6.18-patch.2/net/xfrm/xfrm_policy.c
--- linux-2.6.18-patch/net/xfrm/xfrm_policy.c 2006-11-27 12:29:33.000000000 -0600
+++ linux-2.6.18-patch.2/net/xfrm/xfrm_policy.c 2006-11-28 14:51:09.000000000 -0600
@@ -1955,6 +1955,7 @@ int xfrm_bundle_ok(struct xfrm_policy *p
EXPORT_SYMBOL(xfrm_bundle_ok);
+#ifdef CONFIG_AUDITSYSCALL
/* Audit addition and deletion of SAs and ipsec policy */
void xfrm_audit_log(uid_t auid, u32 sid, int type, int result,
@@ -2063,6 +2064,7 @@ void xfrm_audit_log(uid_t auid, u32 sid,
}
EXPORT_SYMBOL(xfrm_audit_log);
+#endif /* CONFIG_AUDITSYSCALL */
int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
{
diff -urpN linux-2.6.18-patch/net/xfrm/xfrm_state.c
linux-2.6.18-patch.2/net/xfrm/xfrm_state.c
--- linux-2.6.18-patch/net/xfrm/xfrm_state.c 2006-11-27 12:29:33.000000000 -0600
+++ linux-2.6.18-patch.2/net/xfrm/xfrm_state.c 2006-11-28 12:58:56.000000000 -0600
@@ -407,7 +407,6 @@ restart:
xfrm_state_hold(x);
spin_unlock_bh(&xfrm_state_lock);
- xfrm_state_delete(x);
err = xfrm_state_delete(x);
xfrm_audit_log(audit_info->loginuid,
audit_info->secid,
3:26 p.m.
On Tue, 2006-11-28 at 15:02 -0600, Joy Latten wrote:
--- linux-2.6.18-patch/include/net/xfrm.h 2006-11-27
12:29:11.000000000 -0600
+++ linux-2.6.18-patch.2/include/net/xfrm.h 2006-11-28 13:26:49.000000000 -0600
@@ -395,8 +395,13 @@ struct xfrm_audit
uid_t loginuid;
u32 secid;
};
-void xfrm_audit_log(uid_t auid, u32 secid, int type, int result,
+
+#ifdef CONFIG_AUDITSYSCALL
+extern void xfrm_audit_log(uid_t auid, u32 secid, int type, int result,
struct xfrm_policy *xp, struct xfrm_state *x);
+#else
+#define xfrm_audit_log(a,s,t,r,p,x) do { ; } while (0)
+#endif /* CONFIG_AUDITSYSCALL */
static inline void xfrm_pol_hold(struct xfrm_policy *policy)
{
This chunk failed to apply. I believe it is a while space problem with
the second line vs what you sent in the original patch. But I'm not
sure.
Chunk 2 had some fuzz, which may have been a result of being in the RHEL
kernel rather thanupstream.
diff -urpN linux-2.6.18-patch/net/xfrm/xfrm_state.c
linux-2.6.18-patch.2/net/xfrm/xfrm_state.c
--- linux-2.6.18-patch/net/xfrm/xfrm_state.c 2006-11-27 12:29:33.000000000 -0600
+++ linux-2.6.18-patch.2/net/xfrm/xfrm_state.c 2006-11-28 12:58:56.000000000 -0600
@@ -407,7 +407,6 @@ restart:
xfrm_state_hold(x);
spin_unlock_bh(&xfrm_state_lock);
- xfrm_state_delete(x);
err = xfrm_state_delete(x);
xfrm_audit_log(audit_info->loginuid,
audit_info->secid,
what is this? Going back to: [PATCH 1/1]:ipsec audit: additional change
when AUDITSYSCALL is off
I see:
@@ -298,7 +306,13 @@ restart:
xfrm_state_hold(x);
spin_unlock_bh(&xfrm_state_lock);
- xfrm_state_delete(x);
+ err = xfrm_state_delete(x);
+
+ xfrm_audit_log(audit_info->loginuid,
+ audit_info->secid,
+ AUDIT_MAC_IPSEC_DELSA,
+ err ? 0 : 1, NULL, x);
+
xfrm_state_put(x);
Looks like you are deleting a line you already deleted, you are missing
newlines, all sorts of things aren't right.
In any case your second patch doesn't apply on top of the first. Can we
get a single complete patch against 2.6.20-net and get it sent to audit,
netdev, and make sure that jmorris, aviro, and dwmw2(a)infradead.org are
cc'd as absolutely soon as possible?
-Eric
4:37 p.m.
Oh my gosh, sorry!!
I rebased my original lspp patches to 2.6.19-rc6 from kernel.org in
order to send upstream. I wanted to send patch against whatever was
latest in kernel.org.
After sending first patch to netdev, I noticed I had messed up a line
(in xfrm_state.c) when rebasing, although code compiles and still works
fine. This little mess up is not in my lspp patch, just rebased one.
I also needed to allow ipsec auditing to be disabled, so I included
both fixes in one patch. My mistake. The second patch was only built
against my "rebased" 2.6.19-rc6 kernel. I should have also created an
lspp patch for the second change! My fault! I can create one against
lspp56 kerel source for second change and send to you asap. The netdev
patches should be ok since everything sent to netdev was based on
2.6.19-rc6. I think James has already applied in git tree.
Joy
On Fri, 2006-12-01 at 16:26 -0500, Eric Paris wrote:
On Tue, 2006-11-28 at 15:02 -0600, Joy Latten wrote:
> --- linux-2.6.18-patch/include/net/xfrm.h 2006-11-27 12:29:11.000000000 -0600
> +++ linux-2.6.18-patch.2/include/net/xfrm.h 2006-11-28 13:26:49.000000000 -0600
> @@ -395,8 +395,13 @@ struct xfrm_audit
> uid_t loginuid;
> u32 secid;
> };
> -void xfrm_audit_log(uid_t auid, u32 secid, int type, int result,
> +
> +#ifdef CONFIG_AUDITSYSCALL
> +extern void xfrm_audit_log(uid_t auid, u32 secid, int type, int result,
> struct xfrm_policy *xp, struct xfrm_state *x);
> +#else
> +#define xfrm_audit_log(a,s,t,r,p,x) do { ; } while (0)
> +#endif /* CONFIG_AUDITSYSCALL */
>
> static inline void xfrm_pol_hold(struct xfrm_policy *policy)
> {
This chunk failed to apply. I believe it is a while space problem with
the second line vs what you sent in the original patch. But I'm not
sure.
Chunk 2 had some fuzz, which may have been a result of being in the RHEL
kernel rather thanupstream.
> diff -urpN linux-2.6.18-patch/net/xfrm/xfrm_state.c
linux-2.6.18-patch.2/net/xfrm/xfrm_state.c
> --- linux-2.6.18-patch/net/xfrm/xfrm_state.c 2006-11-27 12:29:33.000000000 -0600
> +++ linux-2.6.18-patch.2/net/xfrm/xfrm_state.c 2006-11-28 12:58:56.000000000 -0600
> @@ -407,7 +407,6 @@ restart:
> xfrm_state_hold(x);
> spin_unlock_bh(&xfrm_state_lock);
>
> - xfrm_state_delete(x);
> err = xfrm_state_delete(x);
> xfrm_audit_log(audit_info->loginuid,
> audit_info->secid,
>
what is this? Going back to: [PATCH 1/1]:ipsec audit: additional change
when AUDITSYSCALL is off
I see:
@@ -298,7 +306,13 @@ restart:
xfrm_state_hold(x);
spin_unlock_bh(&xfrm_state_lock);
- xfrm_state_delete(x);
+ err = xfrm_state_delete(x);
+
+ xfrm_audit_log(audit_info->loginuid,
+ audit_info->secid,
+ AUDIT_MAC_IPSEC_DELSA,
+ err ? 0 : 1, NULL, x);
+
xfrm_state_put(x);
Looks like you are deleting a line you already deleted, you are missing
newlines, all sorts of things aren't right.
In any case your second patch doesn't apply on top of the first. Can we
get a single complete patch against 2.6.20-net and get it sent to audit,
netdev, and make sure that jmorris, aviro, and dwmw2(a)infradead.org are
cc'd as absolutely soon as possible?
-Eric
6595
days inactive
6598
days old
linux-audit@lists.linux-audit.osci.io
3 comments
3 participants
participants (3)
-
Eric Paris -
Joy Latten -
Steve Grubb