mirror of
https://github.com/torvalds/linux.git
synced 2024-11-07 20:51:47 +00:00
0b747172dc
Pull audit updates from Eric Paris. * git://git.infradead.org/users/eparis/audit: (28 commits) AUDIT: make audit_is_compat depend on CONFIG_AUDIT_COMPAT_GENERIC audit: renumber AUDIT_FEATURE_CHANGE into the 1300 range audit: do not cast audit_rule_data pointers pointlesly AUDIT: Allow login in non-init namespaces audit: define audit_is_compat in kernel internal header kernel: Use RCU_INIT_POINTER(x, NULL) in audit.c sched: declare pid_alive as inline audit: use uapi/linux/audit.h for AUDIT_ARCH declarations syscall_get_arch: remove useless function arguments audit: remove stray newline from audit_log_execve_info() audit_panic() call audit: remove stray newlines from audit_log_lost messages audit: include subject in login records audit: remove superfluous new- prefix in AUDIT_LOGIN messages audit: allow user processes to log from another PID namespace audit: anchor all pid references in the initial pid namespace audit: convert PPIDs to the inital PID namespace. pid: get pid_t ppid of task in init_pid_ns audit: rename the misleading audit_get_context() to audit_take_context() audit: Add generic compat syscall support audit: Add CONFIG_HAVE_ARCH_AUDITSYSCALL ...
66 lines
1.9 KiB
C
66 lines
1.9 KiB
C
/*
|
|
* Copyright (C) 2008 IBM Corporation
|
|
* Author: Mimi Zohar <zohar@us.ibm.com>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, version 2 of the License.
|
|
*
|
|
* File: integrity_audit.c
|
|
* Audit calls for the integrity subsystem
|
|
*/
|
|
|
|
#include <linux/fs.h>
|
|
#include <linux/gfp.h>
|
|
#include <linux/audit.h>
|
|
#include "integrity.h"
|
|
|
|
static int integrity_audit_info;
|
|
|
|
/* ima_audit_setup - enable informational auditing messages */
|
|
static int __init integrity_audit_setup(char *str)
|
|
{
|
|
unsigned long audit;
|
|
|
|
if (!kstrtoul(str, 0, &audit))
|
|
integrity_audit_info = audit ? 1 : 0;
|
|
return 1;
|
|
}
|
|
__setup("integrity_audit=", integrity_audit_setup);
|
|
|
|
void integrity_audit_msg(int audit_msgno, struct inode *inode,
|
|
const unsigned char *fname, const char *op,
|
|
const char *cause, int result, int audit_info)
|
|
{
|
|
struct audit_buffer *ab;
|
|
char name[TASK_COMM_LEN];
|
|
|
|
if (!integrity_audit_info && audit_info == 1) /* Skip info messages */
|
|
return;
|
|
|
|
ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno);
|
|
audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u",
|
|
task_pid_nr(current),
|
|
from_kuid(&init_user_ns, current_cred()->uid),
|
|
from_kuid(&init_user_ns, audit_get_loginuid(current)),
|
|
audit_get_sessionid(current));
|
|
audit_log_task_context(ab);
|
|
audit_log_format(ab, " op=");
|
|
audit_log_string(ab, op);
|
|
audit_log_format(ab, " cause=");
|
|
audit_log_string(ab, cause);
|
|
audit_log_format(ab, " comm=");
|
|
audit_log_untrustedstring(ab, get_task_comm(name, current));
|
|
if (fname) {
|
|
audit_log_format(ab, " name=");
|
|
audit_log_untrustedstring(ab, fname);
|
|
}
|
|
if (inode) {
|
|
audit_log_format(ab, " dev=");
|
|
audit_log_untrustedstring(ab, inode->i_sb->s_id);
|
|
audit_log_format(ab, " ino=%lu", inode->i_ino);
|
|
}
|
|
audit_log_format(ab, " res=%d", !result);
|
|
audit_log_end(ab);
|
|
}
|