#
3104d0e9 |
| 28-Dec-2023 |
Li zeming <zeming@nfschina.com> |
audit: remove unnecessary assignment in audit_dupe_lsm_field()
The ret variable is assigned when it does not need to be defined, as it has already been assigned before use.
Signed-off-by: Li zeming <zeming@nfschina.com> [PM: rewrite subject line] Signed-off-by: Paul Moore <paul@paul-moore.com>
|
#
b1a0f64c |
| 15-Aug-2023 |
Atul Kumar Pant <atulpant.linux@gmail.com> |
audit: move trailing statements to next line
Fixes following checkpatch.pl issue: ERROR: trailing statements should be on next line
Signed-off-by: Atul Kumar Pant <atulpant.linux@gmail.com> [PM: subject line tweak] Signed-off-by: Paul Moore <paul@paul-moore.com>
|
#
62acadda |
| 15-Aug-2023 |
Atul Kumar Pant <atulpant.linux@gmail.com> |
audit: add space before parenthesis and around '=', "==", and '<'
Fixes following checkpatch.pl issue: ERROR: space required before the open parenthesis '(' ERROR: spaces required around that '=' ERROR: spaces required around that '<' ERROR: spaces required around that '=='
Signed-off-by: Atul Kumar Pant <atulpant.linux@gmail.com> [PM: subject line tweaks] Signed-off-by: Paul Moore <paul@paul-moore.com>
|
#
30561b51 |
| 17-Dec-2021 |
Xiu Jianfeng <xiujianfeng@huawei.com> |
audit: use struct_size() helper in audit_[send|make]_reply()
Make use of struct_size() helper instead of an open-coded calculation.
Link: https://github.com/KSPP/linux/issues/160 Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
|
#
bc6e60a4 |
| 14-Dec-2021 |
Xiu Jianfeng <xiujianfeng@huawei.com> |
audit: use struct_size() helper in kmalloc()
Make use of struct_size() helper instead of an open-coded calculation.
Link: https://github.com/KSPP/linux/issues/160 Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Paul Moore <paul@paul-moore.com>
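The two struct_size() commits above (30561b51 and bc6e60a4) replace "header + n * element" arithmetic with an overflow-checked helper. The following is an added user-space example, not kernel code and not part of either patch, that shows why: the open-coded form wraps silently for a large count, while a struct_size()-style calculation saturates to SIZE_MAX so the allocation is refused. The struct reply layout and the function names are illustrative assumptions.

```c
/* Added example (user-space, not kernel code): what the kernel's struct_size()
 * helper buys over an open-coded "header + n * element" calculation.
 * The struct and function names below are illustrative. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* A fixed header followed by a flexible array, the same shape as the
 * buffers that audit_make_reply() and the kmalloc() callers size. */
struct reply {
    uint32_t type;
    uint32_t count;
    uint32_t items[];   /* flexible array member */
};

/* The open-coded form being replaced: wraps silently when count is large,
 * so the allocator hands back a buffer far smaller than later code assumes. */
static size_t reply_size_open_coded(size_t count)
{
    return sizeof(struct reply) + count * sizeof(uint32_t);
}

/* struct_size()-style calculation: both the multiply and the add are
 * overflow-checked and the result saturates to SIZE_MAX, which no
 * allocator will satisfy. */
static size_t reply_size_checked(size_t count)
{
    size_t bytes, total;

    if (__builtin_mul_overflow(count, sizeof(uint32_t), &bytes))
        return SIZE_MAX;
    if (__builtin_add_overflow(sizeof(struct reply), bytes, &total))
        return SIZE_MAX;
    return total;
}

/* Allocate with the checked size; NULL on overflow or allocation failure. */
static struct reply *reply_alloc(size_t count)
{
    size_t sz = reply_size_checked(count);
    struct reply *r;

    if (sz == SIZE_MAX)
        return NULL;
    r = calloc(1, sz);
    if (r)
        r->count = (uint32_t)count;
    return r;
}

/* A constructed count for which count * sizeof(uint32_t) wraps to 8 bytes
 * whatever the width of size_t (SIZE_MAX is 3 mod 4). */
static size_t wrapping_count(void)
{
    return SIZE_MAX / 4 + 3;
}

int main(void)
{
    size_t n = wrapping_count();
    struct reply *r;

    printf("open-coded: %zu bytes for %zu items (wrapped)\n",
           reply_size_open_coded(n), n);
    printf("checked:    %zu == SIZE_MAX, allocation refused\n",
           reply_size_checked(n));
    r = reply_alloc(5);
    if (r) {
        printf("alloc(5):   %zu bytes\n", reply_size_checked(5));
        free(r);
    }
    return 0;
}
```

The checked variant is what the kernel's struct_size() macro does internally (via check_mul_overflow() and check_add_overflow()); the user-space version here uses the GCC/Clang __builtin_*_overflow builtins directly.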
|
#
6326948f |
| 29-Sep-2021 |
Paul Moore <paul@paul-moore.com> |
lsm: security_task_getsecid_subj() -> security_current_getsecid_subj()
The security_task_getsecid_subj() LSM hook invites misuse by allowing callers to specify a task even though the hook is only safe when the current task is referenced. Fix this by removing the task_struct argument to the hook, requiring LSM implementations to use the current task. While we are changing the hook declaration we also rename the function to security_current_getsecid_subj() in an effort to reinforce that the hook captures the subjective credentials of the current task and not an arbitrary task on the system.
Reviewed-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
|
#
67daf270 |
| 19-Apr-2021 |
Paul Moore <paul@paul-moore.com> |
audit: add filtering for io_uring records
This patch adds basic audit io_uring filtering, using as much of the existing audit filtering infrastructure as possible. In order to do this we reuse the audit filter rule's syscall mask for the io_uring operation and we create a new filter for io_uring operations as AUDIT_FILTER_URING_EXIT/audit_filter_list[7].
Thanks to Richard Guy Briggs for his review, feedback, and work on the corresponding audit userspace changes.
Acked-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
|
#
4ebd7651 |
| 19-Feb-2021 |
Paul Moore <paul@paul-moore.com> |
lsm: separate security_task_getsecid() into subjective and objective variants
Of the three LSMs that implement the security_task_getsecid() LSM hook, all three LSMs provide the task's objective security credentials. This turns out to be unfortunate as most of the hook's callers seem to expect the task's subjective credentials, although a small handful of callers do correctly expect the objective credentials.
This patch is the first step towards fixing the problem: it splits the existing security_task_getsecid() hook into two variants, one for the subjective creds, one for the objective creds.
void security_task_getsecid_subj(struct task_struct *p, u32 *secid);
void security_task_getsecid_obj(struct task_struct *p, u32 *secid);
While this patch does fix all of the callers to use the correct variant, in order to keep this patch focused on the callers and to ease review, the LSMs continue to use the same implementation for both hooks. The net effect is that this patch should not change the behavior of the kernel in any way, it will be up to the latter LSM specific patches in this series to change the hook implementations and return the correct credentials.
Acked-by: Mimi Zohar <zohar@linux.ibm.com> (IMA) Acked-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
|
#
df561f66 |
| 23-Aug-2020 |
Gustavo A. R. Silva <gustavoars@kernel.org> |
treewide: Use fallthrough pseudo-keyword
Replace the existing /* fall through */ comments and its variants with the new pseudo-keyword macro fallthrough[1]. Also, remove unnecessary fall-through markings when it is the case.
[1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
|
#
3054d067 |
| 21-Apr-2020 |
Paul Moore <paul@paul-moore.com> |
audit: fix a net reference leak in audit_list_rules_send()
If audit_list_rules_send() fails when trying to create a new thread to send the rules it also fails to cleanup properly, leaking a reference to a net structure. This patch fixes the error path and renames audit_send_list() to audit_send_list_thread() to better match its cousin, audit_send_reply_thread().
Reported-by: teroincn@gmail.com Reviewed-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
|
#
2ad3e17e |
| 23-Feb-2020 |
Paul Moore <paul@paul-moore.com> |
audit: fix error handling in audit_data_to_entry()
Commit 219ca39427bf ("audit: use union for audit_field values since they are mutually exclusive") combined a number of separate fields in the audit_field struct into a single union. Generally this worked just fine because they are generally mutually exclusive. Unfortunately in audit_data_to_entry() the overlap can be a problem when a specific error case is triggered that causes the error path code to attempt to cleanup an audit_field struct and the cleanup involves attempting to free a stored LSM string (the lsm_str field). Currently the code always has a non-NULL value in the audit_field.lsm_str field as the top of the for-loop transfers a value into audit_field.val (both .lsm_str and .val are part of the same union); if audit_data_to_entry() fails and the audit_field struct is specified to contain a LSM string, but the audit_field.lsm_str has not yet been properly set, the error handling code will attempt to free the bogus audit_field.lsm_str value that was set with audit_field.val at the top of the for-loop.
This patch corrects this by ensuring that the audit_field.val is only set when needed (it is cleared when the audit_field struct is allocated with kcalloc()). It also corrects a few other issues to ensure that in case of error the proper error code is returned.
Cc: stable@vger.kernel.org
Fixes: 219ca39427bf ("audit: use union for audit_field values since they are mutually exclusive")
Reported-by: syzbot+1f4d90ead370d72e450b@syzkaller.appspotmail.com
Signed-off-by: Paul Moore <paul@paul-moore.com>
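The hazard described in 2ad3e17e is easy to reproduce in miniature. The following is an added user-space model, not the kernel's audit_data_to_entry() and not code from the patch: a union overlays a scalar `val` with a heap pointer `lsm_str`, the translation loop writes `val` unconditionally, and when a string-typed field fails before its string is allocated, the cleanup frees whatever `val` left in the pointer slot. A tracking allocator counts the invalid free instead of crashing. The field tags, struct layouts and the sample input are constructed for the demonstration.

```c
/* Added example, not kernel code: a model of the union aliasing bug fixed in
 * audit_data_to_entry(). Struct and tag names are illustrative. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIELD_UID       1   /* scalar-valued field (illustrative tag) */
#define FIELD_SUBJ_USER 2   /* LSM-string-valued field (illustrative tag) */
#define LSM_STR_MAX     64

struct field {
    uint32_t type;
    union {                 /* overlapping members, as in struct audit_field */
        uint32_t val;
        char *lsm_str;
    };
};

struct entry {
    size_t field_count;
    struct field fields[4];
};

/* What arrives from userspace: a tag, a scalar, and for string fields the
 * string that follows the fixed header, or NULL if it was not supplied. */
struct field_data {
    uint32_t type;
    uint32_t val;
    const char *str;
};

/* Tracking allocator: lets the demo count an invalid free() where the
 * kernel would crash or corrupt the heap. */
static char *tracked[8];
static int ntracked, bogus_frees;

static char *tracked_strdup(const char *s)
{
    size_t len = strlen(s) + 1;
    char *p = malloc(len);
    memcpy(p, s, len);
    tracked[ntracked++] = p;
    return p;
}

static void checked_free(char *p)
{
    for (int i = 0; i < ntracked; i++)
        if (tracked[i] == p) { free(p); tracked[i] = NULL; return; }
    bogus_frees++;          /* pointer never came from the allocator */
}

/* Number of tracked strings never freed (leak check). */
static int leaked(void)
{
    int n = 0;
    for (int i = 0; i < ntracked; i++)
        n += tracked[i] != NULL;
    return n;
}

/* Cleanup modelled on the rule-free path: release the LSM string of every
 * string-typed field whose lsm_str is non-NULL. */
static void free_entry(struct entry *e)
{
    for (size_t i = 0; i < e->field_count; i++)
        if (e->fields[i].type == FIELD_SUBJ_USER && e->fields[i].lsm_str)
            checked_free(e->fields[i].lsm_str);
    free(e);
}

/* Translate n userspace fields into an entry. `fixed` selects the corrected
 * behaviour: only write .val for fields that actually carry a scalar. */
static int data_to_entry(const struct field_data *d, size_t n, int fixed)
{
    struct entry *e = calloc(1, sizeof(*e));   /* zeroed, like kcalloc() */
    if (!e)
        return -1;
    e->field_count = n;
    for (size_t i = 0; i < n; i++) {
        struct field *f = &e->fields[i];
        f->type = d[i].type;
        if (!fixed)
            f->val = d[i].val;  /* BUG: also sets lsm_str through the union */
        switch (f->type) {
        case FIELD_UID:
            f->val = d[i].val;
            break;
        case FIELD_SUBJ_USER:
            if (!d[i].str || strlen(d[i].str) >= LSM_STR_MAX)
                goto err;       /* fails before lsm_str is ever assigned */
            f->lsm_str = tracked_strdup(d[i].str);
            break;
        default:
            goto err;
        }
    }
    free_entry(e);              /* success path: released here for the demo */
    return 0;
err:
    free_entry(e);
    return -1;
}

/* Constructed input: one valid string field, one scalar, then a string field
 * whose string is missing. Returns the number of invalid frees attempted. */
static int run_case(int fixed)
{
    const struct field_data d[] = {
        { FIELD_SUBJ_USER, 0,    "system_u" },
        { FIELD_UID,       1000, NULL },
        { FIELD_SUBJ_USER, 42,   NULL },    /* val=42 lands in lsm_str */
    };
    ntracked = 0;
    bogus_frees = 0;
    memset(tracked, 0, sizeof tracked);
    if (data_to_entry(d, 3, fixed) == 0)
        return -1;                          /* should have failed */
    return bogus_frees;
}

int main(void)
{
    int b = run_case(0), bl = leaked();
    int f = run_case(1), fl = leaked();
    printf("buggy: %d invalid free(s), %d leaked\n", b, bl);
    printf("fixed: %d invalid free(s), %d leaked\n", f, fl);
    return 0;
}
```

The buggy variant attempts to free the address 42 for the third field; the fixed variant leaves lsm_str NULL because the zeroed allocation is never overwritten for string fields, so cleanup skips it. Both variants still free the one legitimately allocated string.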
|
#
1a59d1b8 |
| 27-May-2019 |
Thomas Gleixner <tglx@linutronix.de> |
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation either version 2 of the license or at your option any later version this program is distributed in the hope that it will be useful but without any warranty without even the implied warranty of merchantability or fitness for a particular purpose see the gnu general public license for more details you should have received a copy of the gnu general public license along with this program if not write to the free software foundation inc 59 temple place suite 330 boston ma 02111 1307 usa
extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-or-later
has been chosen to replace the boilerplate/reference in 1334 file(s).
Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Richard Fontana <rfontana@redhat.com> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190527070033.113240726@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
839d05e4 |
| 30-May-2019 |
Paul Moore <paul@paul-moore.com> |
audit: remove the BUG() calls in the audit rule comparison functions
The audit_data_to_entry() function ensures that the operator is valid so we can get rid of these BUG() calls. We keep the "return 0" just so the system behaves in a sane-ish manner should something go horribly wrong.
Signed-off-by: Paul Moore <paul@paul-moore.com> Acked-by: Richard Guy Briggs <rgb@redhat.com>
|
#
bf361231 |
| 10-May-2019 |
Richard Guy Briggs <rgb@redhat.com> |
audit: add saddr_fam filter field
Provide a method to filter out sockaddr and bind calls by network address family.
Existing SOCKADDR records are listed for any network activity. Implement the AUDIT_SADDR_FAM field selector to be able to classify or limit records to specific network address families, such as AF_INET or AF_INET6.
An example of a network record that is unlikely to be useful and flood the logs:
type=SOCKADDR msg=audit(07/27/2017 12:18:27.019:845) : saddr={ fam=local path=/var/run/nscd/socket }
type=SYSCALL msg=audit(07/27/2017 12:18:27.019:845) : arch=x86_64 syscall=connect success=no exit=ENOENT(No such file or directory) a0=0x3 a1=0x7fff229c4980 a2=0x6e a3=0x6 items=1 ppid=3301 pid=6145 auid=sgrubb uid=sgrubb gid=sgrubb euid=sgrubb suid=sgrubb fsuid=sgrubb egid=sgrubb sgid=sgrubb fsgid=sgrubb tty=pts3 ses=4 comm=bash exe=/usr/bin/bash subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=network-test
Please see the audit-testsuite PR at https://github.com/linux-audit/audit-testsuite/pull/87
Please see the github issue https://github.com/linux-audit/audit-kernel/issues/64
Please see the github issue for the accompanying userspace support https://github.com/linux-audit/audit-userspace/issues/93
Signed-off-by: Richard Guy Briggs <rgb@redhat.com> [PM: merge fuzz in auditfilter.c] Signed-off-by: Paul Moore <paul@paul-moore.com>
|
#
ecc68904 |
| 22-May-2019 |
Richard Guy Briggs <rgb@redhat.com> |
audit: re-structure audit field valid checks
Multiple checks were being done in one switch case statement that started to cause some redundancies and awkward exceptions. Separate the valid field and op check from the select valid values checks.
Enforce the elimination of meaningless bitwise and greater-than/less-than checks on string fields and other fields with unrelated scalar values.
Please see the github issue https://github.com/linux-audit/audit-kernel/issues/73
Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
|
#
795d673a |
| 26-Apr-2019 |
Al Viro <viro@zeniv.linux.org.uk> |
audit_compare_dname_path(): switch to const struct qstr *
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
70c4cf17 |
| 20-Apr-2019 |
Wenwen Wang <wang6495@umn.edu> |
audit: fix a memory leak bug
In audit_rule_change(), audit_data_to_entry() is firstly invoked to translate the payload data to the kernel's rule representation. In audit_data_to_entry(), depending on the audit field type, an audit tree may be created in audit_make_tree(), which eventually invokes kmalloc() to allocate the tree. Since this tree is a temporary tree, it will be then freed in the following execution, e.g., audit_add_rule() if the message type is AUDIT_ADD_RULE or audit_del_rule() if the message type is AUDIT_DEL_RULE. However, if the message type is neither AUDIT_ADD_RULE nor AUDIT_DEL_RULE, i.e., the default case of the switch statement, this temporary tree is not freed.
To fix this issue, only allocate the tree when the type is AUDIT_ADD_RULE or AUDIT_DEL_RULE.
Signed-off-by: Wenwen Wang <wang6495@umn.edu> Reviewed-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
|
#
699c1868 |
| 08-Apr-2019 |
Richard Guy Briggs <rgb@redhat.com> |
audit: purge unnecessary list_empty calls
The original conditions that led to the use of list_empty() to optimize list_for_each_entry_rcu() in auditfilter.c and auditsc.c code have been removed without removing the list_empty() call, but this code example has been copied several times. Remove the unnecessary list_empty() calls.
Please see upstream github issue https://github.com/linux-audit/audit-kernel/issues/112
Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
|
#
131d34cb |
| 12-Feb-2019 |
Gustavo A. R. Silva <gustavo@embeddedor.com> |
audit: mark expected switch fall-through
In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through.
This patch fixes the following warning:
kernel/auditfilter.c: In function 'audit_krule_to_data':
kernel/auditfilter.c:668:7: warning: this statement may fall through [-Wimplicit-fallthrough=]
   if (krule->pflags & AUDIT_LOGINUID_LEGACY && !f->val) {
      ^
kernel/auditfilter.c:674:3: note: here
   default:
   ^~~~~~~
Warning level 3 was used: -Wimplicit-fallthrough=3
Notice that, in this particular case, the code comment is modified in accordance with what GCC is expecting to find.
This patch is part of the ongoing efforts to enable -Wimplicit-fallthrough.
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
|
#
90462a5b |
| 31-Jan-2019 |
Richard Guy Briggs <rgb@redhat.com> |
audit: remove unused actx param from audit_rule_match
The audit_rule_match() struct audit_context *actx parameter is not used by any in-tree consumers (selinux, apparmor, integrity, smack).
The audit context is an internal audit structure that should only be accessed by audit accessor functions.
It was part of commit 03d37d25e0f9 ("LSM/Audit: Introduce generic Audit LSM hooks") but appears to have never been used.
Remove it.
Please see the github issue https://github.com/linux-audit/audit-kernel/issues/107
Signed-off-by: Richard Guy Briggs <rgb@redhat.com> [PM: fixed the referenced commit title] Signed-off-by: Paul Moore <paul@paul-moore.com>
|
#
626abcd1 |
| 18-Jan-2019 |
Richard Guy Briggs <rgb@redhat.com> |
audit: add syscall information to CONFIG_CHANGE records
Tie syscall information to all CONFIG_CHANGE calls since they are all a result of user actions.
Exclude user records from syscall context: Since the function audit_log_common_recv_msg() is shared by a number of AUDIT_CONFIG_CHANGE and the entire range of AUDIT_USER_* record types, and since the AUDIT_CONFIG_CHANGE message type has been converted to a syscall accompanied record type, special-case the AUDIT_USER_* range of messages so they remain standalone records.
See: https://github.com/linux-audit/audit-kernel/issues/59
See: https://github.com/linux-audit/audit-kernel/issues/50
Signed-off-by: Richard Guy Briggs <rgb@redhat.com> [PM: fix line lengths in kernel/audit.c] Signed-off-by: Paul Moore <paul@paul-moore.com>
|
#
d904ac03 |
| 05-Jun-2018 |
Richard Guy Briggs <rgb@redhat.com> |
audit: rename FILTER_TYPE to FILTER_EXCLUDE
The AUDIT_FILTER_TYPE name is vague and misleading due to not describing where or when the filter is applied and obsolete due to its available filter fields having been expanded.
Userspace has already renamed it from AUDIT_FILTER_TYPE to AUDIT_FILTER_EXCLUDE without checking if it already exists. The userspace maintainer assures that as long as it is set to the same value it will not be a problem since the userspace code does not treat compiler warnings as errors. If this policy changes then checks if it already exists can be added at the same time.
See: https://github.com/linux-audit/audit-kernel/issues/89
Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
|
#
29c1372d |
| 30-May-2018 |
Ondrej Mosnáček <omosnace@redhat.com> |
audit: allow other filter list types for AUDIT_EXE
This patch removes the restriction of the AUDIT_EXE field to only SYSCALL filter and teaches audit_filter to recognize this field.
This makes it possible to write rule lists such as:
auditctl -a exit,always [some general rule]
# Filter out events with executable name /bin/exe1 or /bin/exe2:
auditctl -a exclude,always -F exe=/bin/exe1
auditctl -a exclude,always -F exe=/bin/exe2
See: https://github.com/linux-audit/audit-kernel/issues/54
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
|
#
5c5b8d8b |
| 18-May-2018 |
Richard Guy Briggs <rgb@redhat.com> |
audit: use existing session info function
Use the existing audit_log_session_info() function rather than hardcoding its functionality.
Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
|
#
23bcc480 |
| 09-Apr-2018 |
Ondrej Mosnáček <omosnace@redhat.com> |
audit: allow not equal op for audit by executable
Current implementation of auditing by executable name only implements the 'equal' operator. This patch extends it to also support the 'not equal' operator.
See: https://github.com/linux-audit/audit-kernel/issues/53
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
|