Red Hat Bugzilla – Attachment 150254 Details for
Bug 231912
Laus doesn't audit detach event
[patch]
goto error -> goto err
linux-auditctl.patch (text/plain), 6.48 KB, created by
Bryn M. Reeves
on 2007-03-16 17:18:18 UTC
Description:
goto error -> goto err
Filename:
MIME Type:
Creator:
Bryn M. Reeves
Created:
2007-03-16 17:18:18 UTC
Size:
6.48 KB
>Allow LauS to audit detach events.
>
>Signed-off-by: mbooth@redhat.com
>Signed-off-by: breeves@redhat.com
>
>Index: linux-2.4.21/drivers/audit/control.c
>===================================================================
>--- linux-2.4.21.orig/drivers/audit/control.c
>+++ linux-2.4.21/drivers/audit/control.c
>@@ -98,6 +98,7 @@ static void __audit_result(struct pt_reg
> static void __audit_fork(struct task_struct *, struct task_struct *);
> static void __audit_exit(struct task_struct *, long code);
> static void __audit_netlink_msg(struct sk_buff *, int);
>+static int __audit_control(const int ioctl, const int result);
>
> #define audit_intercept __audit_intercept
> #define audit_result __audit_result
>@@ -105,6 +106,8 @@ static void __audit_netlink_msg(struct s
> #define audit_fork __audit_fork
> #define audit_netlink_msg __audit_netlink_msg
>
>+#define audit_control __audit_control
>+
> static struct audit_hooks audit_hooks = {
> __audit_intercept,
> __audit_result,
>@@ -201,10 +204,18 @@ auditf_ioctl(struct inode *inode, struct
> {
> struct aud_context *ctx = (struct aud_context *) file->private_data;
> int error = 0;
>+ int ctlerror = 0;
>
> DPRINTF("ctx=%p, cmd=0x%x\n", ctx, cmd);
>- if (!capable(CAP_SYS_ADMIN))
>- return -EPERM;
>+ if (!capable(CAP_SYS_ADMIN)) {
>+ error=-EPERM;
>+
>+ down_read(&audit_lock);
>+ ctlerror = audit_control(cmd, error);
>+ up_read(&audit_lock);
>+
>+ goto err;
>+ }
>
> switch (cmd) {
> case AUIOCIAMAUDITD:
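Review bot: In the new `!capable(CAP_SYS_ADMIN)` branch, `audit_control(cmd, error)` now runs for every caller that can open the audit device, and `__audit_control` (added later in this patch) hands `current->audit` to `audit_msg_control` without a check. A process that never attached presumably has no audit state, and whether `audit_msg_new` tolerates a NULL `pinfo` is not visible here, so this path should be confirmed safe and say so in a comment such as `/* current->audit may be NULL for unattached callers; audit_msg_new() must cope */`. As a style point, `error=-EPERM;` should be spaced like the rest of the function, `error = -EPERM;`. auditf_ioctl's body continues outside the hunk.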
>@@ -219,65 +230,77 @@ auditf_ioctl(struct inode *inode, struct
> ((struct aud_process *) current->audit)->suspended++;
> ctx->reader = 1;
> }
>+ ctlerror = audit_control(cmd, error);
> if (audit_all_processes)
> audit_attach_all();
> up_write(&audit_lock);
> break;
> case AUIOCATTACH:
> down_write(&audit_lock);
>- /* Attach process. If we're rhe audit daemon,
>+ /* Attach process. If we're the audit daemon,
> * suspend auditing for us. */
> error = audit_attach(ctx->reader);
>+ ctlerror = audit_control(cmd, error);
> up_write(&audit_lock);
> break;
> case AUIOCDETACH:
> down_write(&audit_lock);
> error = audit_detach();
>+ ctlerror = audit_control(cmd, error);
> up_write(&audit_lock);
> break;
> case AUIOCSUSPEND:
> down_write(&audit_lock);
> error = audit_suspend();
>+ ctlerror = audit_control(cmd, error);
> up_write(&audit_lock);
> break;
> case AUIOCRESUME:
> down_write(&audit_lock);
> error = audit_resume();
>+ ctlerror = audit_control(cmd, error);
> up_write(&audit_lock);
> break;
> case AUIOCCLRPOLICY:
> down_write(&audit_lock);
> error = audit_policy_clear();
>+ ctlerror = audit_control(cmd, error);
> up_write(&audit_lock);
> break;
> case AUIOCCLRFILTER:
> down_write(&audit_lock);
> error = audit_filter_clear();
>+ ctlerror = audit_control(cmd, error);
> up_write(&audit_lock);
> break;
> case AUIOCSETFILTER:
> down_write(&audit_lock);
> error = audit_filter_add((void *) arg);
>+ ctlerror = audit_control(cmd, error);
> up_write(&audit_lock);
> break;
> case AUIOCSETPOLICY:
> down_write(&audit_lock);
> error = audit_policy_set((void *) arg);
>+ ctlerror = audit_control(cmd, error);
> up_write(&audit_lock);
> break;
> case AUIOCSETAUDITID:
> down_write(&audit_lock);
> error = audit_setauditid();
>+ ctlerror = audit_control(cmd, error);
> up_write(&audit_lock);
> break;
> case AUIOCLOGIN:
> down_read(&audit_lock);
> error = audit_login((void *) arg);
>+ ctlerror = audit_control(cmd, error);
> up_read(&audit_lock);
> break;
> case AUIOCUSERMESSAGE:
> down_read(&audit_lock);
> error = audit_user_message((void *) arg);
>+ ctlerror = audit_control(cmd, error);
> up_read(&audit_lock);
> break;
>
>@@ -286,6 +309,11 @@ auditf_ioctl(struct inode *inode, struct
> break;
> }
>
>+err:
>+ if (ctlerror < 0) {
>+ printk("Error auditing control event %d: %d\n", cmd, ctlerror);
>+ }
>+
> DPRINTF("done, result=%d\n", error);
> return (error);
> }
>@@ -1082,6 +1110,24 @@ audit_user_message(void *arg)
> }
>
> /*
>+ * Process an audit control event
>+ */
>+static int
>+__audit_control(const int ioctl, const int result)
>+{
>+ struct aud_event_data ev;
>+ int action;
>+
>+ memset(&ev, 0, sizeof(ev));
>+
>+ action = __audit_policy_check(AUD_POLICY_CONTROL, &ev);
>+ if (action & AUDIT_LOG)
>+ return audit_msg_control(current->audit, ioctl, result);
>+ else
>+ return 0;
>+}
>+
>+/*
> * Debugging stuff
> */
> #ifdef AUDIT_DEBUG_LOCKS
>Index: linux-2.4.21/drivers/audit/audit-private.h
>===================================================================
>--- linux-2.4.21.orig/drivers/audit/audit-private.h
>+++ linux-2.4.21/drivers/audit/audit-private.h
>@@ -259,6 +259,7 @@ int audit_msg_login(struct aud_process
> struct audit_login *);
> int audit_msg_netlink(struct aud_process *, const char *,
> struct sk_buff *, int);
>+int audit_msg_control(struct aud_process *pinfo, int ioctl, int error);
>
> int audit_attach(int);
> int audit_detach(void);
>Index: linux-2.4.21/drivers/audit/message.c
>===================================================================
>--- linux-2.4.21.orig/drivers/audit/message.c
>+++ linux-2.4.21/drivers/audit/message.c
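Review bot: Every case in this hunk emits the control record after the operation it describes, so the decision to log is made against state the ioctl has just changed. `__audit_control` (later in this patch) reads `__audit_policy_check(AUD_POLICY_CONTROL, &ev)` and `current->audit` at call time. After `audit_policy_clear()` or `audit_policy_set()` the control policy may no longer select AUDIT_LOG, and after a successful `audit_detach()` the caller's audit state may already be gone; those helpers are not visible here, so this needs confirming, but if so the detach and policy-change events this patch targets would be silently dropped. For AUIOCDETACH, AUIOCCLRPOLICY and AUIOCSETPOLICY the policy decision should be evaluated before the operation, and the detach record built while the audit state still exists. The hunk starts and ends inside auditf_ioctl's switch.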
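Review bot: The `printk` under the new `err:` label has no log level and no rate limit, and the EPERM branch added earlier in this patch jumps here, so an unprivileged caller whose record cannot be queued can produce one kernel log line per ioctl. It should carry a level and a subsystem prefix, `printk(KERN_WARNING "audit: error auditing control event 0x%x: %d\n", cmd, ctlerror);`, and be rate-limited. `ctlerror` is otherwise discarded, so an ioctl that changed audit state still returns success when its record was lost; if that fail-open behaviour is intended, a comment at `err:` should state it.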
>@@ -361,6 +361,28 @@ audit_msg_exit(struct aud_process *pinfo
> }
>
> /*
>+ * Send an audit control event to user land
>+ */
>+int
>+audit_msg_control(struct aud_process *pinfo, int ioctl, int result)
>+{
>+ struct aud_msg_head *msgh;
>+ struct aud_msg_control *control_msg;
>+
>+ msgh = audit_msg_new(pinfo, AUDIT_MSG_CONTROL,
>+ "AUDIT_control", sizeof(*control_msg));
>+ if (IS_ERR(msgh))
>+ return PTR_ERR(msgh);
>+
>+ control_msg = (struct aud_msg_control *) &msgh->body.msg_data;
>+ control_msg->ioctl = ioctl;
>+ control_msg->result = result;
>+
>+ audit_msg_insert(msgh);
>+ return 0;
>+}
>+
>+/*
> * Log a system call, along with all arguments
> */
> int
>Index: linux-2.4.21/include/linux/audit.h
>===================================================================
>--- linux-2.4.21.orig/include/linux/audit.h
>+++ linux-2.4.21/include/linux/audit.h
>@@ -62,6 +62,7 @@ enum {
> AUD_POLICY_NETLINK,
> AUD_POLICY_LOGIN,
> AUD_POLICY_USERMSG,
>+ AUD_POLICY_CONTROL,
>
> __AUD_MAX_POLICY
> };
>@@ -198,6 +199,14 @@ struct audit_message {
> #define AUDIT_TRACE_ALL 1
>
> /*
>+ * This message is generated whenever there is an ioctl on the audit device
>+ */
>+struct aud_msg_control {
>+ int ioctl;
>+ int result;
>+};
>+
>+/*
> * This message is generated when a process forks
> * or exits, to help auditd with book-keeping.
> */
>@@ -270,6 +279,7 @@ struct aud_msg_netlink {
> #define AUDIT_MSG_SYSCALL 2
> #define AUDIT_MSG_EXIT 3
> #define AUDIT_MSG_NETLINK 4
>+#define AUDIT_MSG_CONTROL 5
> #define AUDIT_MSG_USERBASE 256 /* user land messages start here */
>
> /* Values for msg_arch */
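Review bot: `audit_msg_control` names its third parameter `result` here, while the prototype this patch adds to audit-private.h calls it `error`; the two should agree, e.g. `int audit_msg_control(struct aud_process *pinfo, int ioctl, int result);` in the header. The header comment would also help the next reader if it stated the return convention visible in the body (0 on success, `PTR_ERR(msgh)` when `audit_msg_new` fails) and that `pinfo` is passed to `audit_msg_new` unchecked, so callers must supply a pointer that function accepts.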
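Review bot: The comment on `struct aud_msg_control` says the message is generated whenever there is an ioctl on the audit device, but `__audit_control` in control.c only emits it when `__audit_policy_check(AUD_POLICY_CONTROL, &ev)` returns a value with AUDIT_LOG set. I would reword it to `This message is generated for an ioctl on the audit device when the AUD_POLICY_CONTROL policy selects AUDIT_LOG` and document the fields: `ioctl` holds the command number and `result` the value the handler returned. A consumer reading the log should not infer from the current wording that the absence of a record means no control ioctl was issued.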