Merge tag 'audit-pr-20190507' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit
Pull audit updates from Paul Moore:
"We've got a reasonably broad set of audit patches for the v5.2 merge
window, the highlights are below:
- The biggest change, and the source of all the arch/* changes, is
the patchset from Dmitry to help enable some of the work he is
doing around PTRACE_GET_SYSCALL_INFO.
To be honest, including this in the audit tree is a bit of a
stretch, but it does help move audit a little further along towards
proper syscall auditing for all arches, and everyone else seemed to
agree that audit was a "good" spot for this to land (or maybe they
just didn't want to merge it? dunno.).
- We can now audit time/NTP adjustments.
- We continue the work to connect associated audit records into a
single event"
* tag 'audit-pr-20190507' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: (21 commits)
audit: fix a memory leak bug
ntp: Audit NTP parameters adjustment
timekeeping: Audit clock adjustments
audit: purge unnecessary list_empty calls
audit: link integrity evm_write_xattrs record to syscall event
syscall_get_arch: add "struct task_struct *" argument
unicore32: define syscall_get_arch()
Move EM_UNICORE to uapi/linux/elf-em.h
nios2: define syscall_get_arch()
nds32: define syscall_get_arch()
Move EM_NDS32 to uapi/linux/elf-em.h
m68k: define syscall_get_arch()
hexagon: define syscall_get_arch()
Move EM_HEXAGON to uapi/linux/elf-em.h
h8300: define syscall_get_arch()
c6x: define syscall_get_arch()
arc: define syscall_get_arch()
Move EM_ARCOMPACT and EM_ARCV2 to uapi/linux/elf-em.h
audit: Make audit_log_cap and audit_copy_inode static
audit: connect LOGIN record to its syscall record
...
This commit is contained in:
Linus Torvalds
@@ -192,7 +192,8 @@ static ssize_t evm_write_xattrs(struct file *file, const char __user *buf,
|
||||
if (count > XATTR_NAME_MAX)
|
||||
return -E2BIG;
|
||||
|
||||
ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_EVM_XATTR);
|
||||
ab = audit_log_start(audit_context(), GFP_KERNEL,
|
||||
AUDIT_INTEGRITY_EVM_XATTR);
|
||||
if (!ab)
|
||||
return -ENOMEM;
|
||||
|
||||
@@ -214,6 +215,9 @@ static ssize_t evm_write_xattrs(struct file *file, const char __user *buf,
|
||||
if (len && xattr->name[len-1] == '\n')
|
||||
xattr->name[len-1] = '\0';
|
||||
|
||||
audit_log_format(ab, "xattr=");
|
||||
audit_log_untrustedstring(ab, xattr->name);
|
||||
|
||||
if (strcmp(xattr->name, ".") == 0) {
|
||||
evm_xattrs_locked = 1;
|
||||
newattrs.ia_mode = S_IFREG | 0440;
|
||||
@@ -222,15 +226,11 @@ static ssize_t evm_write_xattrs(struct file *file, const char __user *buf,
|
||||
inode_lock(inode);
|
||||
err = simple_setattr(evm_xattrs, &newattrs);
|
||||
inode_unlock(inode);
|
||||
audit_log_format(ab, "locked");
|
||||
if (!err)
|
||||
err = count;
|
||||
goto out;
|
||||
}
|
||||
|
||||
audit_log_format(ab, "xattr=");
|
||||
audit_log_untrustedstring(ab, xattr->name);
|
||||
|
||||
if (strncmp(xattr->name, XATTR_SECURITY_PREFIX,
|
||||
XATTR_SECURITY_PREFIX_LEN) != 0) {
|
||||
err = -EINVAL;
|
||||
|
||||
Reference in New Issue
Block a user