I'm currently uploading a 2.6.15-1.1826.2.8.2.1_FC5.lspp.5 kernel
package, based on the kernel branch for Fedora Core 5 Test 2, to
http://david.woodhou.se/lspp/kernel/
This contains only the patches which are currently in my git tree at
http://git.kernel.org/git/?p=linux/kernel/git/dwmw2/audit-2.6.git -- I'd
like to send the contents of that tree to Linus now that 2.6.15 is
released. OK?
This is the changelog:
commit efe4c9decd99b905e599fde2a00b73e70176d63a
tree d8402fcd24a44573f6073dc51f79905aa62cc1ee
parent 73bb3c2ee49e216264db6edd441754598978f43d
author David Woodhouse <dwmw2(a)infradead.org> Fri, 18 Nov 2005 14:43:54 +0000
committer David Woodhouse <dwmw2(a)infradead.org> Fri, 18 Nov 2005 14:43:54 +0000
[AUDIT] Fix IA64 success/failure indication in syscall auditing.
Original 2.6.9 patch and explanation from somewhere within HP via
bugzilla...
ia64 stores a success/failure code in r10, and the return value (normal
return, or *positive* errno) in r8. The patch also sets the exit code to
negative errno if it's a failure result for consistency with other
architectures.
Signed-off-by: David Woodhouse <dwmw2(a)infradead.org>
commit 287b3527d50bcc5fa26acdb4d25b76b9cb503610
tree 7760273dbe190a1d6702fafa81ca56f34d9be8b5
parent cf85b1baa8ad2adfe0cf86b05b7913b5f655fa98
author Dustin Kirkland <dustin.kirkland(a)us.ibm.com> Wed, 16 Nov 2005 15:53:13 +0000
committer David Woodhouse <dwmw2(a)infradead.org> Wed, 16 Nov 2005 15:53:13 +0000
[AUDIT] Miscellaneous bug and warning fixes
This patch fixes a couple of bugs revealed in new features recently
added to -mm1:
* fixes warnings due to inconsistent use of const struct inode *inode
* fixes bug that prevent a kernel from booting with audit on, and SELinux off
due to a missing function in security/dummy.c
* fixes a bug that throws spurious audit_panic() messages due to a missing
return just before an error_path label
* some reasonable house cleaning in audit_ipc_context(),
audit_inode_context(), and audit_log_task_context()
Signed-off-by: Dustin Kirkland <dustin.kirkland(a)us.ibm.com>
Signed-off-by: David Woodhouse <dwmw2(a)infradead.org>
commit cf85b1baa8ad2adfe0cf86b05b7913b5f655fa98
tree 8795faf34565dc6643bf4e908d9b01dcbe1d8f10
parent 251dd82c7124db3fa7b88c4847e6eb25d59621cc
author Andrew Morton <akpm(a)osdl.org> Mon, 07 Nov 2005 10:32:39 +0000
committer David Woodhouse <dwmw2(a)infradead.org> Mon, 07 Nov 2005 10:32:39 +0000
[AUDIT] Fix !CONFIG_AUDIT definition of audit_ipc_perms()
It gained an extra argument.
Signed-off-by: Andrew Morton <akpm(a)osdl.org>
Signed-off-by: David Woodhouse <dwmw2(a)infradead.org>
commit 251dd82c7124db3fa7b88c4847e6eb25d59621cc
tree fc27f08edcfe1ebf8872ebc31e0fcf2ec8e88bd1
parent 184d50aa366f710442fe639b058c0d4a593c21fe
author Andrew Morton <akpm(a)osdl.org> Mon, 07 Nov 2005 10:31:12 +0000
committer David Woodhouse <dwmw2(a)infradead.org> Mon, 07 Nov 2005 10:31:12 +0000
[AUDIT] Remove superfluous check for kfree(NULL)
Signed-off-by: Andrew Morton <akpm(a)osdl.org>
Signed-off-by: David Woodhouse <dwmw2(a)infradead.org>
commit 40bfd914033fbb9d8d9dfb34910a0506b5077e8c
tree 5fd7ca4eb5856064509a63cedb938c97d5d53b66
parent d0cf88729b22b89af17a747cb30b78c7a914a316
author Dustin Kirkland <dustin.kirkland(a)us.ibm.com> Fri, 04 Nov 2005 08:03:53 +0000
committer David Woodhouse <dwmw2(a)infradead.org> Fri, 04 Nov 2005 08:03:53 +0000
[AUDIT] Fix logic error in audit_filter_exclude()
There's supposed to be an implicit AND between all subsequent rules in a
given filter list. There's supposed to be an implicit OR between all
subsequent filters of a given type. The way the audit_filter_exclude()
code currently operates, it forces an implicit AND between all rules in
all exclude filters. This trivial patch fixes that problem with correct
logic. If any one of the rules fails in a given list, break out of
examining that list and move on to the next list. If all rules succeed
in a given list, return 1.
Signed-off-by: Dustin Kirkland <dustin.kirkland(a)us.ibm.com>
Signed-off-by: David Woodhouse <dwmw2(a)infradead.org>
commit d0cf88729b22b89af17a747cb30b78c7a914a316
tree dc882d918c525cf5993d052135f6fd62a84f5616
parent f39d1c7bcc4e32c10d0815f2dbb7ec0890acd21c
author Dustin Kirkland <dustin.kirkland(a)us.ibm.com> Thu, 03 Nov 2005 17:15:16 +0000
committer David Woodhouse <dwmw2(a)infradead.org> Thu, 03 Nov 2005 17:15:16 +0000
[AUDIT] Capture selinux subject/object context information.
This patch extends existing audit records with subject/object context
information. Audit records associated with filesystem inodes, ipc, and
tasks now contain SELinux label information in the field "subj" if the
item is performing the action, or in "obj" if the item is the receiver
of an action.
These labels are collected via hooks in SELinux and appended to the
appropriate record in the audit code.
This additional information is required for Common Criteria Labeled
Security Protection Profile (LSPP).
Signed-off-by: Dustin Kirkland <dustin.kirkland(a)us.ibm.com>
Signed-off-by: David Woodhouse <dwmw2(a)infradead.org>
commit f39d1c7bcc4e32c10d0815f2dbb7ec0890acd21c
tree f3e07c498121a63e90a3fbfe5401def695cb800c
parent eaa82a665dfab434b194ad8018fbebbc084e87c0
author Dustin Kirkland <dustin.kirkland(a)us.ibm.com> Thu, 03 Nov 2005 16:12:36 +0000
committer David Woodhouse <dwmw2(a)infradead.org> Thu, 03 Nov 2005 16:12:36 +0000
[AUDIT] Exclude messages by message type
- Add a new, 5th filter called "exclude".
- And add a new field AUDIT_MSGTYPE.
- Define a new function audit_filter_exclude() that takes a message type
as input and examines all rules in the filter. It returns '1' if the
message is to be excluded, and '0' otherwise.
- Call the audit_filter_exclude() function near the top of
audit_log_start() just after asserting audit_initialized. If the
message type is not to be audited, return NULL very early, before
doing a lot of work.
Signed-off-by: Dustin Kirkland <dustin.kirkland(a)us.ibm.com>
Signed-off-by: David Woodhouse <dwmw2(a)infradead.org>
commit eaa82a665dfab434b194ad8018fbebbc084e87c0
tree a972b384869466f7350e50eeb92ff1eb8ceb5313
parent 4b1191d552f513aa3b275c821932471ef2152d3d
author Amy Griffis <amy.griffis(a)hp.com> Thu, 03 Nov 2005 16:00:25 +0000
committer David Woodhouse <dwmw2(a)infradead.org> Thu, 03 Nov 2005 16:00:25 +0000
[AUDIT] Collect more inode information during syscall processing.
This patch augments the collection of inode info during syscall
processing. It represents part of the functionality that was provided
by the auditfs patch included in RHEL4.
Specifically, it:
- Collects information for target inodes created or removed during
syscalls. Previous code only collects information for the target
inode's parent.
- Adds the audit_inode() hook to syscalls that operate on a file
descriptor (e.g. fchown), enabling audit to do inode filtering for
these calls.
- Modifies filtering code to check audit context for either an inode #
or a parent inode # matching a given rule.
- Modifies logging to provide inode # for both parent and child.
- Protect debug info from NULL audit_names.name.
Signed-off-by: Amy Griffis <amy.griffis(a)hp.com>
Signed-off-by: David Woodhouse <dwmw2(a)infradead.org>
commit 4b1191d552f513aa3b275c821932471ef2152d3d
tree 2b9bb7397f448f1642a8f27df328d58a89cb7701
parent 5c9dcc2d902dc946cdce8913ad3d7e0e1cdb8cc4
author Amy Griffis <amy.griffis(a)hp.com> Thu, 03 Nov 2005 15:57:06 +0000
committer David Woodhouse <dwmw2(a)infradead.org> Thu, 03 Nov 2005 15:57:06 +0000
Pass dentry, not just name, in fsnotify creation hooks.
The audit hooks (to be added shortly) will want to see dentry->d_inode
too, not just the name.
Signed-off-by: Amy Griffis <amy.griffis(a)hp.com>
Signed-off-by: David Woodhouse <dwmw2(a)infradead.org>
commit 5c9dcc2d902dc946cdce8913ad3d7e0e1cdb8cc4
tree 384e054fab107ad40a02c64296895f7697a047be
parent 8e2705a286ebfbe1ad5f098becab5fd257f7ec81
author Steve Grubb <sgrubb(a)redhat.com> Thu, 03 Nov 2005 15:48:08 +0000
committer David Woodhouse <dwmw2(a)infradead.org> Thu, 03 Nov 2005 15:48:08 +0000
[AUDIT] Define new range of userspace messages.
The attached patch updates various items for the new user space
messages. Please apply.
Signed-off-by: Steve Grubb <sgrubb(a)redhat.com>
Signed-off-by: David Woodhouse <dwmw2(a)infradead.org>
commit 8e2705a286ebfbe1ad5f098becab5fd257f7ec81
tree 171c0c268933c7c2f643d68c625c169392eeb7b8
parent de8c398a7b5f4ce4766f45ae9542bf32d63595be
author Dustin Kirkland <dustin.kirkland(a)us.ibm.com> Thu, 03 Nov 2005 15:41:46 +0000
committer David Woodhouse <dwmw2(a)infradead.org> Thu, 03 Nov 2005 15:41:46 +0000
[AUDIT] Filter rule comparators
Currently, audit only supports the "=" and "!=" operators in the
-F
filter rules.
This patch reworks the support for "=" and "!=", and adds support
for ">", ">=", "<", and "<=".
This turned out to be a pretty clean, and simply process. I ended up
using the high order bits of the "field", as suggested by Steve and Amy.
This allowed for no changes whatsoever to the netlink communications.
See the documentation within the patch in the include/linux/audit.h
area, where there is a table that explains the reasoning of the bitmask
assignments clearly.
The patch adds a new function, audit_comparator(left, op, right).
This function will perform the specified comparison (op, which defaults
to "==" for backward compatibility) between two values (left and right).
If the negate bit is on, it will negate whatever that result was. This
value is returned.
Signed-off-by: Dustin Kirkland <dustin.kirkland(a)us.ibm.com>
Signed-off-by: David Woodhouse <dwmw2(a)infradead.org>
commit 1cce80e3d890237fc39f244c48d22fe6ed0ea522
tree 7e26791e7661494fb34076fa1e0c1e6bdc6aa010
parent c77054e518d9163578cfcad09826d7b959f95ece
author Randy Dunlap <rdunlap(a)xenotime.net> Tue, 13 Sep 2005 12:47:11 -0700
committer David Woodhouse <dwmw2(a)baythorne.infradead.org> Mon, 03 Oct 2005 15:50:31
+0100
AUDIT: kerneldoc for kernel/audit*.c
- add kerneldoc for non-static functions;
- don't init static data to 0;
- limit lines to < 80 columns;
- fix long-format style;
- delete whitespace at end of some lines;
(chrisw: resend and update to current audit-2.6 tree)
Signed-off-by: Randy Dunlap <rdunlap(a)xenotime.net>
Signed-off-by: Chris Wright <chrisw(a)osdl.org>
Signed-off-by: David Woodhouse <dwmw2(a)infradead.org>
--
dwmw2