1. 09 Oct, 2007 1 commit
  2. 23 Aug, 2007 1 commit
  3. 08 Aug, 2007 1 commit
  4. 29 Jul, 2007 1 commit
  5. 22 Jul, 2007 2 commits
    • Al Viro's avatar
      [PATCH] get rid of AVC_PATH postponed treatment · 4259fa01
      Al Viro authored
      
      
              Selinux folks had been complaining about the lack of AVC_PATH
      records when audit is disabled.  I must admit my stupidity - I assumed
      that avc_audit() really couldn't use audit_log_d_path() because of
      deadlocks (== could be called with dcache_lock or vfsmount_lock held).
      Shouldn't have made that assumption - it never gets called that way.
      It _is_ called under spinlocks, but not those.
      
              Since audit_log_d_path() uses ab->gfp_mask for allocations,
      kmalloc() in there is not a problem.  IOW, the simple fix is sufficient:
      let's rip AUDIT_AVC_PATH out and simply generate pathname as part of main
      record.  It's trivial to do.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Acked-by: default avatarJames Morris <jmorris@namei.org>
      4259fa01
    • Steve Grubb's avatar
      [PATCH] Make IPC mode consistent · 5b9a4262
      Steve Grubb authored
      
      
      The mode fields for IPC records are not consistent. Some are hex, others are
      octal. This patch makes them all octal.
      Signed-off-by: default avatarSteve Grubb <sgrubb@redhat.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      5b9a4262
  6. 19 Jul, 2007 2 commits
  7. 16 Jul, 2007 2 commits
    • Henrik Kretzschmar's avatar
      kerneldoc fix in audit_core_dumps · 6d9525b5
      Henrik Kretzschmar authored
      
      
      Fix parameter name in audit_core_dumps for kerneldoc.
      Signed-off-by: default avatarHenrik Kretzschmar <henne@nachtwindheim.de>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      6d9525b5
    • Miloslav Trmac's avatar
      Audit: add TTY input auditing · 522ed776
      Miloslav Trmac authored
      Add TTY input auditing, used to audit system administrator's actions.  This is
      required by various security standards such as DCID 6/3 and PCI to provide
      non-repudiation of administrator's actions and to allow a review of past
      actions if the administrator seems to overstep their duties or if the system
      becomes misconfigured for unknown reasons.  These requirements do not make it
      necessary to audit TTY output as well.
      
      Compared to an user-space keylogger, this approach records TTY input using the
      audit subsystem, correlated with other audit events, and it is completely
      transparent to the user-space application (e.g.  the console ioctls still
      work).
      
      TTY input auditing works on a higher level than auditing all system calls
      within the session, which would produce an overwhelming amount of mostly
      useless audit events.
      
      Add an "audit_tty" attribute, inherited across fork ().  Data read from TTYs
      by process with the attribute is sent to the audit subsystem by the kernel.
      The audit netlink interface is extended to allow modifying the audit_tty
      attribute, and to allow sending explanatory audit events from user-space (for
      example, a shell might send an event containing the final command, after the
      interactive command-line editing and history expansion is performed, which
      might be difficult to decipher from the TTY input alone).
      
      Because the "audit_tty" attribute is inherited across fork (), it would be set
      e.g.  for sshd restarted within an audited session.  To prevent this, the
      audit_tty attribute is cleared when a process with no open TTY file
      descriptors (e.g.  after daemon startup) opens a TTY.
      
      See https://www.redhat.com/archives/linux-audit/2007-June/msg00000.html
      
       for a
      more detailed rationale document for an older version of this patch.
      
      [akpm@linux-foundation.org: build fix]
      Signed-off-by: default avatarMiloslav Trmac <mitr@redhat.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
      Cc: Paul Fulghum <paulkf@microgate.com>
      Cc: Casey Schaufler <casey@schaufler-ca.com>
      Cc: Steve Grubb <sgrubb@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      522ed776
  8. 11 May, 2007 6 commits
  9. 14 Mar, 2007 1 commit
  10. 18 Feb, 2007 1 commit
    • Al Viro's avatar
      [PATCH] AUDIT_FD_PAIR · db349509
      Al Viro authored
      
      
      Provide an audit record of the descriptor pair returned by pipe() and
      socketpair().  Rewritten from the original posted to linux-audit by
      John D. Ramsdell <ramsdell@mitre.org>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      db349509
  11. 08 Dec, 2006 2 commits
    • Josef Sipek's avatar
      [PATCH] struct path: convert kernel · a7a005fd
      Josef Sipek authored
      
      Signed-off-by: default avatarJosef Sipek <jsipek@fsl.cs.sunysb.edu>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      a7a005fd
    • Peter Zijlstra's avatar
      [PATCH] tty: ->signal->tty locking · 24ec839c
      Peter Zijlstra authored
      
      
      Fix the locking of signal->tty.
      
      Use ->sighand->siglock to protect ->signal->tty; this lock is already used
      by most other members of ->signal/->sighand.  And unless we are 'current'
      or the tasklist_lock is held we need ->siglock to access ->signal anyway.
      
      (NOTE: sys_unshare() is broken wrt ->sighand locking rules)
      
      Note that tty_mutex is held over tty destruction, so while holding
      tty_mutex any tty pointer remains valid.  Otherwise the lifetime of ttys
      are governed by their open file handles.  This leaves some holes for tty
      access from signal->tty (or any other non file related tty access).
      
      It solves the tty SLAB scribbles we were seeing.
      
      (NOTE: the change from group_send_sig_info to __group_send_sig_info needs to
             be examined by someone familiar with the security framework, I think
             it is safe given the SEND_SIG_PRIV from other __group_send_sig_info
             invocations)
      
      [schwidefsky@de.ibm.com: 3270 fix]
      [akpm@osdl.org: various post-viro fixes]
      Signed-off-by: default avatarPeter Zijlstra <a.p.zijlstra@chello.nl>
      Acked-by: default avatarAlan Cox <alan@redhat.com>
      Cc: Oleg Nesterov <oleg@tv-sign.ru>
      Cc: Prarit Bhargava <prarit@redhat.com>
      Cc: Chris Wright <chrisw@sous-sol.org>
      Cc: Roland McGrath <roland@redhat.com>
      Cc: Stephen Smalley <sds@tycho.nsa.gov>
      Cc: James Morris <jmorris@namei.org>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: Jeff Dike <jdike@addtoit.com>
      Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
      Cc: Jan Kara <jack@ucw.cz>
      Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
      24ec839c
  12. 07 Dec, 2006 1 commit
  13. 04 Dec, 2006 1 commit
  14. 04 Oct, 2006 2 commits
  15. 29 Sep, 2006 1 commit
  16. 26 Sep, 2006 2 commits
  17. 11 Sep, 2006 1 commit
  18. 03 Aug, 2006 6 commits
  19. 01 Jul, 2006 3 commits
    • Darrel Goeddel's avatar
      [PATCH] audit: support for object context filters · 6e5a2d1d
      Darrel Goeddel authored
      
      
      This patch introduces object audit filters based on the elements
      of the SELinux context.
      Signed-off-by: default avatarDarrel Goeddel <dgoeddel@trustedcs.com>
      Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      
       kernel/auditfilter.c           |   25 +++++++++++++++++++++++++
       kernel/auditsc.c               |   40 ++++++++++++++++++++++++++++++++++++++++
       security/selinux/ss/services.c |   18 +++++++++++++++++-
       3 files changed, 82 insertions(+), 1 deletion(-)
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      6e5a2d1d
    • Darrel Goeddel's avatar
      [PATCH] audit: rename AUDIT_SE_* constants · 3a6b9f85
      Darrel Goeddel authored
      
      
      This patch renames some audit constant definitions and adds
      additional definitions used by the following patch.  The renaming
      avoids ambiguity with respect to the new definitions.
      Signed-off-by: default avatarDarrel Goeddel <dgoeddel@trustedcs.com>
      
       include/linux/audit.h          |   15 ++++++++----
       kernel/auditfilter.c           |   50 ++++++++++++++++++++---------------------
       kernel/auditsc.c               |   10 ++++----
       security/selinux/ss/services.c |   32 +++++++++++++-------------
       4 files changed, 56 insertions(+), 51 deletions(-)
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      3a6b9f85
    • Amy Griffis's avatar
      [PATCH] add rule filterkey · 5adc8a6a
      Amy Griffis authored
      
      
      Add support for a rule key, which can be used to tie audit records to audit
      rules.  This is useful when a watched file is accessed through a link or
      symlink, as well as for general audit log analysis.
      
      Because this patch uses a string key instead of an integer key, there is a bit
      of extra overhead to do the kstrdup() when a rule fires.  However, we're also
      allocating memory for the audit record buffer, so it's probably not that
      significant.  I went ahead with a string key because it seems more
      user-friendly.
      
      Note that the user must ensure that filterkeys are unique.  The kernel only
      checks for duplicate rules.
      Signed-off-by: default avatarAmy Griffis <amy.griffis@hpd.com>
      5adc8a6a
  20. 28 Jun, 2006 2 commits
  21. 23 Jun, 2006 1 commit