Commit 3cd013ab authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'stable-4.9' of git://git.infradead.org/users/pcmoore/audit

Pull audit updates from Paul Moore:
 "Another relatively small pull request for v4.9 with just two patches.

  The patch from Richard updates the list of features we support and
  report back to userspace; this should have been sent earlier with the
  rest of the v4.8 patches but it got lost in my inbox.

  The second patch fixes a problem reported by our Android friends where
  we weren't very consistent in recording PIDs"

* 'stable-4.9' of git://git.infradead.org/users/pcmoore/audit:
  audit: add exclude filter extension to feature bitmap
  audit: consistently record PIDs with task_tgid_nr()
parents e46cae44 7ff89ac6
...@@ -329,9 +329,11 @@ enum { ...@@ -329,9 +329,11 @@ enum {
#define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT 0x00000001 #define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT 0x00000001
#define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME 0x00000002 #define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME 0x00000002
#define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH 0x00000004 #define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH 0x00000004
#define AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND 0x00000008
#define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \ #define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \
AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \ AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \
AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH) AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \
AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND)
/* deprecated: AUDIT_VERSION_* */ /* deprecated: AUDIT_VERSION_* */
#define AUDIT_VERSION_LATEST AUDIT_FEATURE_BITMAP_ALL #define AUDIT_VERSION_LATEST AUDIT_FEATURE_BITMAP_ALL
......
...@@ -877,6 +877,12 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) ...@@ -877,6 +877,12 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
return err; return err;
} }
if (s.mask & AUDIT_STATUS_PID) { if (s.mask & AUDIT_STATUS_PID) {
/* NOTE: we are using task_tgid_vnr() below because
* the s.pid value is relative to the namespace
* of the caller; at present this doesn't matter
* much since you can really only run auditd
* from the initial pid namespace, but something
* to keep in mind if this changes */
int new_pid = s.pid; int new_pid = s.pid;
pid_t requesting_pid = task_tgid_vnr(current); pid_t requesting_pid = task_tgid_vnr(current);
...@@ -1917,7 +1923,7 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) ...@@ -1917,7 +1923,7 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
" euid=%u suid=%u fsuid=%u" " euid=%u suid=%u fsuid=%u"
" egid=%u sgid=%u fsgid=%u tty=%s ses=%u", " egid=%u sgid=%u fsgid=%u tty=%s ses=%u",
task_ppid_nr(tsk), task_ppid_nr(tsk),
task_pid_nr(tsk), task_tgid_nr(tsk),
from_kuid(&init_user_ns, audit_get_loginuid(tsk)), from_kuid(&init_user_ns, audit_get_loginuid(tsk)),
from_kuid(&init_user_ns, cred->uid), from_kuid(&init_user_ns, cred->uid),
from_kgid(&init_user_ns, cred->gid), from_kgid(&init_user_ns, cred->gid),
......
...@@ -457,7 +457,7 @@ static int audit_filter_rules(struct task_struct *tsk, ...@@ -457,7 +457,7 @@ static int audit_filter_rules(struct task_struct *tsk,
switch (f->type) { switch (f->type) {
case AUDIT_PID: case AUDIT_PID:
pid = task_pid_nr(tsk); pid = task_tgid_nr(tsk);
result = audit_comparator(pid, f->op, f->val); result = audit_comparator(pid, f->op, f->val);
break; break;
case AUDIT_PPID: case AUDIT_PPID:
...@@ -1993,7 +1993,7 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid, ...@@ -1993,7 +1993,7 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,
loginuid = from_kuid(&init_user_ns, kloginuid), loginuid = from_kuid(&init_user_ns, kloginuid),
tty = audit_get_tty(current); tty = audit_get_tty(current);
audit_log_format(ab, "pid=%d uid=%u", task_pid_nr(current), uid); audit_log_format(ab, "pid=%d uid=%u", task_tgid_nr(current), uid);
audit_log_task_context(ab); audit_log_task_context(ab);
audit_log_format(ab, " old-auid=%u auid=%u tty=%s old-ses=%u ses=%u res=%d", audit_log_format(ab, " old-auid=%u auid=%u tty=%s old-ses=%u ses=%u res=%d",
oldloginuid, loginuid, tty ? tty_name(tty) : "(none)", oldloginuid, loginuid, tty ? tty_name(tty) : "(none)",
...@@ -2220,7 +2220,7 @@ void __audit_ptrace(struct task_struct *t) ...@@ -2220,7 +2220,7 @@ void __audit_ptrace(struct task_struct *t)
{ {
struct audit_context *context = current->audit_context; struct audit_context *context = current->audit_context;
context->target_pid = task_pid_nr(t); context->target_pid = task_tgid_nr(t);
context->target_auid = audit_get_loginuid(t); context->target_auid = audit_get_loginuid(t);
context->target_uid = task_uid(t); context->target_uid = task_uid(t);
context->target_sessionid = audit_get_sessionid(t); context->target_sessionid = audit_get_sessionid(t);
...@@ -2245,7 +2245,7 @@ int __audit_signal_info(int sig, struct task_struct *t) ...@@ -2245,7 +2245,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
if (audit_pid && t->tgid == audit_pid) { if (audit_pid && t->tgid == audit_pid) {
if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2) { if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2) {
audit_sig_pid = task_pid_nr(tsk); audit_sig_pid = task_tgid_nr(tsk);
if (uid_valid(tsk->loginuid)) if (uid_valid(tsk->loginuid))
audit_sig_uid = tsk->loginuid; audit_sig_uid = tsk->loginuid;
else else
...@@ -2345,7 +2345,7 @@ int __audit_log_bprm_fcaps(struct linux_binprm *bprm, ...@@ -2345,7 +2345,7 @@ int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
void __audit_log_capset(const struct cred *new, const struct cred *old) void __audit_log_capset(const struct cred *new, const struct cred *old)
{ {
struct audit_context *context = current->audit_context; struct audit_context *context = current->audit_context;
context->capset.pid = task_pid_nr(current); context->capset.pid = task_tgid_nr(current);
context->capset.cap.effective = new->cap_effective; context->capset.cap.effective = new->cap_effective;
context->capset.cap.inheritable = new->cap_effective; context->capset.cap.inheritable = new->cap_effective;
context->capset.cap.permitted = new->cap_permitted; context->capset.cap.permitted = new->cap_permitted;
...@@ -2377,7 +2377,7 @@ static void audit_log_task(struct audit_buffer *ab) ...@@ -2377,7 +2377,7 @@ static void audit_log_task(struct audit_buffer *ab)
from_kgid(&init_user_ns, gid), from_kgid(&init_user_ns, gid),
sessionid); sessionid);
audit_log_task_context(ab); audit_log_task_context(ab);
audit_log_format(ab, " pid=%d comm=", task_pid_nr(current)); audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current));
audit_log_untrustedstring(ab, get_task_comm(comm, current)); audit_log_untrustedstring(ab, get_task_comm(comm, current));
audit_log_d_path_exe(ab, current->mm); audit_log_d_path_exe(ab, current->mm);
} }
......
...@@ -220,7 +220,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, ...@@ -220,7 +220,7 @@ static void dump_common_audit_data(struct audit_buffer *ab,
*/ */
BUILD_BUG_ON(sizeof(a->u) > sizeof(void *)*2); BUILD_BUG_ON(sizeof(a->u) > sizeof(void *)*2);
audit_log_format(ab, " pid=%d comm=", task_pid_nr(current)); audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current));
audit_log_untrustedstring(ab, memcpy(comm, current->comm, sizeof(comm))); audit_log_untrustedstring(ab, memcpy(comm, current->comm, sizeof(comm)));
switch (a->type) { switch (a->type) {
...@@ -294,7 +294,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, ...@@ -294,7 +294,7 @@ static void dump_common_audit_data(struct audit_buffer *ab,
case LSM_AUDIT_DATA_TASK: { case LSM_AUDIT_DATA_TASK: {
struct task_struct *tsk = a->u.tsk; struct task_struct *tsk = a->u.tsk;
if (tsk) { if (tsk) {
pid_t pid = task_pid_nr(tsk); pid_t pid = task_tgid_nr(tsk);
if (pid) { if (pid) {
char comm[sizeof(tsk->comm)]; char comm[sizeof(tsk->comm)];
audit_log_format(ab, " opid=%d ocomm=", pid); audit_log_format(ab, " opid=%d ocomm=", pid);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment