Commit 51b3eae8 authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'stable-4.6' of git://git.infradead.org/users/pcmoore/audit

Pull audit updates from Paul Moore:
 "A small set of patches for audit this time; just three in total and
  one is a spelling fix.

  The two patches with actual content are designed to help prevent new
  instances of auditd from displacing an existing, functioning auditd
  and to generate a log of the attempt.  Not to worry, dead/stuck auditd
  instances can still be replaced by a new instance without problem.

  Nothing controversial, and everything passes our regression suite"

* 'stable-4.6' of git://git.infradead.org/users/pcmoore/audit:
  audit: Fix typo in comment
  audit: log failed attempts to change audit_pid configuration
  audit: stop an old auditd being starved out by a new auditd
parents de06dbfa fd97646b
...@@ -110,6 +110,7 @@ ...@@ -110,6 +110,7 @@
#define AUDIT_SECCOMP 1326 /* Secure Computing event */ #define AUDIT_SECCOMP 1326 /* Secure Computing event */
#define AUDIT_PROCTITLE 1327 /* Proctitle emit event */ #define AUDIT_PROCTITLE 1327 /* Proctitle emit event */
#define AUDIT_FEATURE_CHANGE 1328 /* audit log listing feature changes */ #define AUDIT_FEATURE_CHANGE 1328 /* audit log listing feature changes */
#define AUDIT_REPLACE 1329 /* Replace auditd if this packet unanswerd */
#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
......
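Review bot: The comment on the new AUDIT_REPLACE define (1329) misspells "unanswered" as "unanswerd"; suggest `#define AUDIT_REPLACE 1329 /* Replace auditd if this packet unanswered */`. Since this is a message type userspace will receive, it would also help to say what the packet carries, e.g. `/* Replace auditd if this packet unanswered; payload is the requesting pid */`, which matches the payload built in audit_replace() elsewhere in this commit.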
...@@ -809,6 +809,16 @@ static int audit_set_feature(struct sk_buff *skb) ...@@ -809,6 +809,16 @@ static int audit_set_feature(struct sk_buff *skb)
return 0; return 0;
} }
static int audit_replace(pid_t pid)
{
struct sk_buff *skb = audit_make_reply(0, 0, AUDIT_REPLACE, 0, 0,
&pid, sizeof(pid));
if (!skb)
return -ENOMEM;
return netlink_unicast(audit_sock, skb, audit_nlk_portid, 0);
}
static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
{ {
u32 seq; u32 seq;
...@@ -870,9 +880,17 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) ...@@ -870,9 +880,17 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
} }
if (s.mask & AUDIT_STATUS_PID) { if (s.mask & AUDIT_STATUS_PID) {
int new_pid = s.pid; int new_pid = s.pid;
pid_t requesting_pid = task_tgid_vnr(current);
if ((!new_pid) && (task_tgid_vnr(current) != audit_pid)) if ((!new_pid) && (requesting_pid != audit_pid)) {
audit_log_config_change("audit_pid", new_pid, audit_pid, 0);
return -EACCES; return -EACCES;
}
if (audit_pid && new_pid &&
audit_replace(requesting_pid) != -ECONNREFUSED) {
audit_log_config_change("audit_pid", new_pid, audit_pid, 0);
return -EEXIST;
}
if (audit_enabled != AUDIT_OFF) if (audit_enabled != AUDIT_OFF)
audit_log_config_change("audit_pid", new_pid, audit_pid, 1); audit_log_config_change("audit_pid", new_pid, audit_pid, 1);
audit_pid = new_pid; audit_pid = new_pid;
......
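Review bot: The liveness test `audit_replace(requesting_pid) != -ECONNREFUSED` treats every outcome other than a refused unicast as "the existing auditd is alive", including the -ENOMEM that audit_replace() itself returns when audit_make_reply() fails, so a transient allocation failure is reported to the caller as -EEXIST and logged as a denied audit_pid change. If failing closed is the intent, a comment above the condition such as `/* anything but -ECONNREFUSED, including -ENOMEM, keeps the current auditd */` would make that explicit; otherwise capture the return value and pass -ENOMEM through rather than mapping it to -EEXIST. netlink_unicast() is called with nonblock set to 0, so if the old auditd's socket queue is full the request may wait rather than fall through — worth confirming against the "stuck auditd can still be replaced" claim in the description. audit_receive_msg() starts and ends outside this hunk.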
...@@ -185,7 +185,7 @@ static struct audit_watch *audit_init_watch(char *path) ...@@ -185,7 +185,7 @@ static struct audit_watch *audit_init_watch(char *path)
return watch; return watch;
} }
/* Translate a watch string to kernel respresentation. */ /* Translate a watch string to kernel representation. */
int audit_to_watch(struct audit_krule *krule, char *path, int len, u32 op) int audit_to_watch(struct audit_krule *krule, char *path, int len, u32 op)
{ {
struct audit_watch *watch; struct audit_watch *watch;
......
...@@ -158,7 +158,7 @@ char *audit_unpack_string(void **bufp, size_t *remain, size_t len) ...@@ -158,7 +158,7 @@ char *audit_unpack_string(void **bufp, size_t *remain, size_t len)
return str; return str;
} }
/* Translate an inode field to kernel respresentation. */ /* Translate an inode field to kernel representation. */
static inline int audit_to_inode(struct audit_krule *krule, static inline int audit_to_inode(struct audit_krule *krule,
struct audit_field *f) struct audit_field *f)
{ {
...@@ -415,7 +415,7 @@ static int audit_field_valid(struct audit_entry *entry, struct audit_field *f) ...@@ -415,7 +415,7 @@ static int audit_field_valid(struct audit_entry *entry, struct audit_field *f)
return 0; return 0;
} }
/* Translate struct audit_rule_data to kernel's rule respresentation. */ /* Translate struct audit_rule_data to kernel's rule representation. */
static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
size_t datasz) size_t datasz)
{ {
...@@ -593,7 +593,7 @@ static inline size_t audit_pack_string(void **bufp, const char *str) ...@@ -593,7 +593,7 @@ static inline size_t audit_pack_string(void **bufp, const char *str)
return len; return len;
} }
/* Translate kernel rule respresentation to struct audit_rule_data. */ /* Translate kernel rule representation to struct audit_rule_data. */
static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule) static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule)
{ {
struct audit_rule_data *data; struct audit_rule_data *data;
......