)]}'
{
  "log": [
    {
      "commit": "dbda4c0b97b18fd59b3964548361b4f92357f730",
      "tree": "ca7e2827541aec01762f2a9c0e3155aaf49bf0ca",
      "parents": [
        "934e6ebf96e8c1a0f299e64129fdaebc1132a427"
      ],
      "author": {
        "name": "Alan Cox",
        "email": "alan@redhat.com",
        "time": "Mon Oct 13 10:40:53 2008 +0100"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Oct 13 09:51:42 2008 -0700"
      },
      "message": "tty: Fix abusers of current-\u003esighand-\u003etty\n\nVarious people outside the tty layer still stick their noses in behind the\nscenes. We need to make sure they also obey the locking and referencing rules.\n\nSigned-off-by: Alan Cox \u003calan@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "c4bacefb7aaf49da11a695f29d85d40909f17693",
      "tree": "f79955a37bab3ebe9942cba292ae560fb281c8bf",
      "parents": [
        "bef69ea0dcce574a425feb0a5aa4c63dd108b9a6"
      ],
      "author": {
        "name": "Cordelia",
        "email": "cordsam@linux.vnet.ibm.com",
        "time": "Mon Aug 18 09:45:51 2008 -0700"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Sep 01 23:06:45 2008 -0400"
      },
      "message": "[PATCH] audit: Moved variable declaration to beginning of function\n\ngot rid of compilation warning:\nISO C90 forbids mixed declarations and code\n\nSigned-off-by: Cordelia Sam \u003ccordesam@gmail.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "1a61c88defcd611bd148d6c960b498e1b8bbbe00",
      "tree": "8b8d84cb828caabd61d849967b3a6f8de6df2b66",
      "parents": [
        "2b12a4c524812fb3f6ee590a02e65b95c8c32229"
      ],
      "author": {
        "name": "zhangxiliang",
        "email": "zhangxiliang@cn.fujitsu.com",
        "time": "Sat Aug 02 10:56:37 2008 +0800"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Aug 04 06:13:50 2008 -0400"
      },
      "message": "Re: [PATCH] Fix the kernel panic of audit_filter_task when key field is set\n\nSorry, I miss a blank between if and \"(\".\nAnd I add \"unlikely\" to check \"ctx\" in audit_match_perm() and audit_match_filetype().\nThis is a new patch for it.\n\nSigned-off-by: Zhang Xiliang \u003czhangxiliang@cn.fujitsu.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "980dfb0db340b95094732d78b55311f2c539c1af",
      "tree": "7235e21116a0958591adeaec4e51734cc224094e",
      "parents": [
        "036bbf76ad9f83781590623111b80ba0b82930ac"
      ],
      "author": {
        "name": "zhangxiliang",
        "email": "zhangxiliang@cn.fujitsu.com",
        "time": "Fri Aug 01 19:15:47 2008 +0800"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Aug 01 12:15:03 2008 -0400"
      },
      "message": "[PATCH] Fix the kernel panic of audit_filter_task when key field is set\n\nWhen calling audit_filter_task(), it calls audit_filter_rules() with audit_context is NULL.\nIf the key field is set, the result in audit_filter_rules() will be set to 1 and\nctx-\u003efilterkey will be set to key.\nBut the ctx is NULL in this condition, so kernel will panic.\n\nSigned-off-by: Zhang Xiliang \u003czhangxiliang@cn.fujitsu.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "ee1d315663ee0b494898f813a266d6244b263b4f",
      "tree": "f9bf6dcacaf105431641469089e20516dd403fc5",
      "parents": [
        "94ad374a0751f40d25e22e036c37f7263569d24c"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Jul 07 10:49:45 2008 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Aug 01 12:05:32 2008 -0400"
      },
      "message": "[PATCH] Audit: Collect signal info when SIGUSR2 is sent to auditd\n\nMakes the kernel audit subsystem collect information about the sending\nprocess when that process sends SIGUSR2 to the userspace audit daemon.\nSIGUSR2 is a new interesting signal to auditd telling auditd that it\nshould try to start logging to disk again and the error condition which\ncaused it to stop logging to disk (usually out of space) has been\nrectified.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "86a1c34a929f30fde8ad01ea8245df61ddcf58b7",
      "tree": "c4983e33488c66d3fcccad07b87b27f1bd2e6841",
      "parents": [
        "15e8f348db372dec21229fda5d52ae6ee7e64666"
      ],
      "author": {
        "name": "Roland McGrath",
        "email": "roland@redhat.com",
        "time": "Mon Jun 23 15:37:04 2008 -0700"
      },
      "committer": {
        "name": "Roland McGrath",
        "email": "roland@redhat.com",
        "time": "Wed Jul 23 17:47:32 2008 -0700"
      },
      "message": "x86_64 syscall audit fast-path\n\nThis adds a fast path for 64-bit syscall entry and exit when\nTIF_SYSCALL_AUDIT is set, but no other kind of syscall tracing.\nThis path does not need to save and restore all registers as\nthe general case of tracing does.  Avoiding the iret return path\nwhen syscall audit is enabled helps performance a lot.\n\nSigned-off-by: Roland McGrath \u003croland@redhat.com\u003e\n"
    },
    {
      "commit": "8b67dca9420474623709e00d72a066068a502b20",
      "tree": "9d4dc19d849dd23cf00cee0851fd402062cdf1ea",
      "parents": [
        "4a761b8c1d7a3a4ee7ccf92ce255d986f601e067"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Apr 28 04:15:49 2008 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Apr 28 06:28:37 2008 -0400"
      },
      "message": "[PATCH] new predicate - AUDIT_FILETYPE\n\nArgument is S_IF... | \u003cindex\u003e, where index is normally 0 or 1.\nTriggers if chosen element of ctx-\u003enames[] is present and the\nmode of object in question matches the upper bits of argument.\nI.e. for things like \"is the argument of that chmod a directory\",\netc.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "7719e437fac119e57b17588bab3a8e39ff9d22eb",
      "tree": "56b08aec09225ac5587d9d8b7fee089181e26d25",
      "parents": [
        "c782f242f0602edf848355d41e3676753c2280c8"
      ],
      "author": {
        "name": "Harvey Harrison",
        "email": "harvey.harrison@gmail.com",
        "time": "Sun Apr 27 02:39:56 2008 -0700"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Apr 28 06:28:17 2008 -0400"
      },
      "message": "[PATCH 2/2] audit: fix sparse shadowed variable warnings\n\nUse msglen as the identifier.\nkernel/audit.c:724:10: warning: symbol \u0027len\u0027 shadows an earlier one\nkernel/audit.c:575:8: originally declared here\n\nDon\u0027t use ino_f to check the inode field at the end of the functions.\nkernel/auditfilter.c:429:22: warning: symbol \u0027f\u0027 shadows an earlier one\nkernel/auditfilter.c:420:21: originally declared here\nkernel/auditfilter.c:542:22: warning: symbol \u0027f\u0027 shadows an earlier one\nkernel/auditfilter.c:529:21: originally declared here\n\ni always used as a counter for a for loop and initialized to zero before\nuse.  Eliminate the inner i variables.\nkernel/auditsc.c:1295:8: warning: symbol \u0027i\u0027 shadows an earlier one\nkernel/auditsc.c:1152:6: originally declared here\nkernel/auditsc.c:1320:7: warning: symbol \u0027i\u0027 shadows an earlier one\nkernel/auditsc.c:1152:6: originally declared here\n\nSigned-off-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "c782f242f0602edf848355d41e3676753c2280c8",
      "tree": "e7c40c0cb99b64e6874b5e9d2602ff10b9a6597b",
      "parents": [
        "0ef1970d7fcee1b4cb33c5017803e9039bf42db2"
      ],
      "author": {
        "name": "Harvey Harrison",
        "email": "harvey.harrison@gmail.com",
        "time": "Sun Apr 27 02:39:17 2008 -0700"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Apr 28 06:28:04 2008 -0400"
      },
      "message": "[PATCH 1/2] audit: move extern declarations to audit.h\n\nLeave audit_sig_{uid|pid|sid} protected by #ifdef CONFIG_AUDITSYSCALL.\n\nNoticed by sparse:\nkernel/audit.c:73:6: warning: symbol \u0027audit_ever_enabled\u0027 was not declared. Should it be static?\nkernel/audit.c:100:8: warning: symbol \u0027audit_sig_uid\u0027 was not declared. Should it be static?\nkernel/audit.c:101:8: warning: symbol \u0027audit_sig_pid\u0027 was not declared. Should it be static?\nkernel/audit.c:102:6: warning: symbol \u0027audit_sig_sid\u0027 was not declared. Should it be static?\nkernel/audit.c:117:23: warning: symbol \u0027audit_ih\u0027 was not declared. Should it be static?\nkernel/auditfilter.c:78:18: warning: symbol \u0027audit_filter_list\u0027 was not declared. Should it be static?\n\nSigned-off-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "b556f8ad58c6e9f8f485c8cef7546e3fc82c382a",
      "tree": "e7a1c5ce313b6dec9727d69b08b5005dc35709a3",
      "parents": [
        "f09ac9db2aafe36fde9ebd63c8c5d776f6e7bd41"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Apr 18 10:12:59 2008 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Apr 28 06:19:22 2008 -0400"
      },
      "message": "Audit: standardize string audit interfaces\n\nThis patch standardized the string auditing interfaces.  No userspace\nchanges will be visible and this is all just cleanup and consistency\nwork.  We have the following string audit interfaces to use:\n\nvoid audit_log_n_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len);\n\nvoid audit_log_n_string(struct audit_buffer *ab, const char *buf, size_t n);\nvoid audit_log_string(struct audit_buffer *ab, const char *buf);\n\nvoid audit_log_n_untrustedstring(struct audit_buffer *ab, const char *string, size_t n);\nvoid audit_log_untrustedstring(struct audit_buffer *ab, const char *string);\n\nThis may be the first step to possibly fixing some of the issues that\npeople have with the string output from the kernel audit system.  But we\nstill don\u0027t have an agreed upon solution to that problem.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "436c405c7d19455a71f42c9bec5fd5e028f1eb4e",
      "tree": "dac0f1c83fc2be2c49e8df5f6366a128758bb42e",
      "parents": [
        "064922a805ec7aadfafdd27aa6b4908d737c3c1d"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Apr 18 10:01:04 2008 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Apr 28 04:45:07 2008 -0400"
      },
      "message": "Audit: end printk with newline\n\nA couple of audit printk statements did not have a newline.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "04305e4aff8b0533dc05f9f6f1a34d0796bd985f",
      "tree": "9938264917b4b9e6e147b883d88fca94c6788b76",
      "parents": [
        "9d57a7f9e23dc30783d245280fc9907cf2c87837"
      ],
      "author": {
        "name": "Ahmed S. Darwish",
        "email": "darwish.07@gmail.com",
        "time": "Sat Apr 19 09:59:43 2008 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Apr 19 09:59:43 2008 +1000"
      },
      "message": "Audit: Final renamings and cleanup\n\nRename the se_str and se_rule audit fields elements to\nlsm_str and lsm_rule to avoid confusion.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d7a96f3a1ae279a2129653d6cb18d722f2f00f91",
      "tree": "fc38736f303133f80912f1640f2d4fac0027fe04",
      "parents": [
        "03d37d25e0f91b28c4b6d002be6221f1af4b19d8"
      ],
      "author": {
        "name": "Ahmed S. Darwish",
        "email": "darwish.07@gmail.com",
        "time": "Sat Mar 01 22:01:11 2008 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Apr 19 09:52:37 2008 +1000"
      },
      "message": "Audit: internally use the new LSM audit hooks\n\nConvert Audit to use the new LSM Audit hooks instead of\nthe exported SELinux interface.\n\nBasically, use:\nsecurity_audit_rule_init\nsecuirty_audit_rule_free\nsecurity_audit_rule_known\nsecurity_audit_rule_match\n\ninstead of (respectively) :\nselinux_audit_rule_init\nselinux_audit_rule_free\naudit_rule_has_selinux\nselinux_audit_rule_match\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "2a862b32f3da5a2120043921ad301322ad526084",
      "tree": "bb97054b2f648504f670e3eaed2626b547c4d081",
      "parents": [
        "713a04aeaba35bb95d442cdeb52055498519be25"
      ],
      "author": {
        "name": "Ahmed S. Darwish",
        "email": "darwish.07@gmail.com",
        "time": "Sat Mar 01 21:54:38 2008 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Apr 19 09:52:34 2008 +1000"
      },
      "message": "Audit: use new LSM hooks instead of SELinux exports\n\nStop using the following exported SELinux interfaces:\nselinux_get_inode_sid(inode, sid)\nselinux_get_ipc_sid(ipcp, sid)\nselinux_get_task_sid(tsk, sid)\nselinux_sid_to_string(sid, ctx, len)\nkfree(ctx)\n\nand use following generic LSM equivalents respectively:\nsecurity_inode_getsecid(inode, secid)\nsecurity_ipc_getsecid*(ipcp, secid)\nsecurity_task_getsecid(tsk, secid)\nsecurity_sid_to_secctx(sid, ctx, len)\nsecurity_release_secctx(ctx, len)\n\nCall security_release_secctx only if security_secid_to_secctx\nsucceeded.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\n"
    },
    {
      "commit": "422b03cf75e11dfdfb29b0f19709bac585335f86",
      "tree": "16cecc0fe134f019159d704760d0277febe60d01",
      "parents": [
        "d395991c117d43bfca97101a931a41d062a93852"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Wed Feb 27 10:39:22 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sat Mar 01 07:16:06 2008 -0500"
      },
      "message": "[PATCH] Audit: Fix the format type for size_t variables\n\nFix the following compiler warning by using \"%zu\" as defined in C99.\n\n  CC      kernel/auditsc.o\n  kernel/auditsc.c: In function \u0027audit_log_single_execve_arg\u0027:\n  kernel/auditsc.c:1074: warning: format \u0027%ld\u0027 expects type \u0027long int\u0027, but\n  argument 4 has type \u0027size_t\u0027\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "b0abcfc14605b2a8c686bd8e193ab05b01a7980b",
      "tree": "cb07f92693df0135ac546b965b909b48d7645dde",
      "parents": [
        "f702c5815696bfca095cc1173fff6995c4d39844"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Feb 18 18:23:16 2008 -0500"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Mon Feb 18 18:46:28 2008 -0800"
      },
      "message": "Audit: use \u003d\u003d not \u003d in if statements\n\nClearly this was supposed to be an \u003d\u003d not an \u003d in the if statement.\nThis patch also causes us to stop processing execve args once we have\nfailed rather than continuing to loop on failure over and over and over.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "44707fdf5938ad269ea5d6c5744d82f6a7328746",
      "tree": "7eb1704418eb41b859ad24bc48f6400135474d87",
      "parents": [
        "a03a8a709a0c34b61b7aea1d54a0473a6b941fdb"
      ],
      "author": {
        "name": "Jan Blunck",
        "email": "jblunck@suse.de",
        "time": "Thu Feb 14 19:38:33 2008 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Thu Feb 14 21:17:08 2008 -0800"
      },
      "message": "d_path: Use struct path in struct avc_audit_data\n\naudit_log_d_path() is a d_path() wrapper that is used by the audit code.  To\nuse a struct path in audit_log_d_path() I need to embed it into struct\navc_audit_data.\n\n[akpm@linux-foundation.org: coding-style fixes]\nSigned-off-by: Jan Blunck \u003cjblunck@suse.de\u003e\nAcked-by: Christoph Hellwig \u003chch@infradead.org\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: \"J. Bruce Fields\" \u003cbfields@fieldses.org\u003e\nCc: Neil Brown \u003cneilb@suse.de\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "6ac08c39a16f72c2d3e845cb6849a1392fa03e80",
      "tree": "d7603571e9ab3ea4b57b7901211320e48d0c5ed8",
      "parents": [
        "5dd784d04924be5d8bc066aded0ec3274b20e612"
      ],
      "author": {
        "name": "Jan Blunck",
        "email": "jblunck@suse.de",
        "time": "Thu Feb 14 19:34:38 2008 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Thu Feb 14 21:13:33 2008 -0800"
      },
      "message": "Use struct path in fs_struct\n\n* Use struct path in fs_struct.\n\nSigned-off-by: Andreas Gruenbacher \u003cagruen@suse.de\u003e\nSigned-off-by: Jan Blunck \u003cjblunck@suse.de\u003e\nAcked-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "b593d384efcff7bdf6beb1bc1bc69927977aee26",
      "tree": "9055ef0decc84dcbf0da67135535f0746e602e8e",
      "parents": [
        "50397bd1e471391d27f64efad9271459c913de87"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Jan 08 17:38:31 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Feb 01 14:24:45 2008 -0500"
      },
      "message": "[AUDIT] create context if auditing was ever enabled\n\nDisabling audit at runtime by auditctl doesn\u0027t mean that we can\nstop allocating contexts for new processes; we don\u0027t want to miss them\nwhen that sucker is reenabled.\n\n(based on work from Al Viro in the RHEL kernel series)\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "de6bbd1d30e5912620d25dd15e3f180ac7f9fcef",
      "tree": "3807b13f8e2e490c258c5bb37915c95fc1bcfe20",
      "parents": [
        "e445deb593d67c8ed13bd357c780a93d78bc84cf"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Jan 07 14:31:58 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Feb 01 14:23:55 2008 -0500"
      },
      "message": "[AUDIT] break large execve argument logging into smaller messages\n\nexecve arguments can be quite large.  There is no limit on the number of\narguments and a 4G limit on the size of an argument.\n\nthis patch prints those arguments in bite sized pieces.  a userspace size\nlimitation of 8k was discovered so this keeps messages around 7.5k\n\nsingle arguments larger than 7.5k in length are split into multiple records\nand can be identified as aX[Y]\u003d\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "6246ccab99093a562044596dd868213caa0b2b4c",
      "tree": "b373e388bd35549a540ce8693cceeea3660d02e1",
      "parents": [
        "c0641f28dcbecb6dc34a4fd003a9947fcd080696"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Jan 07 14:01:18 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Feb 01 14:07:46 2008 -0500"
      },
      "message": "[AUDIT] do not panic on exclude messages in audit_log_pid_context()\n\nIf we fail to get an ab in audit_log_pid_context this may be due to an exclude\nrule rather than a memory allocation failure.  If it was due to a memory\nallocation failure we would have already panicked and no need to do it again.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "c0641f28dcbecb6dc34a4fd003a9947fcd080696",
      "tree": "75cc2700afe2e83834895e7f45c7f663faf2e034",
      "parents": [
        "4746ec5b01ed07205a91e4f7ed9de9d70f371407"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Jan 07 13:49:15 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Feb 01 14:07:19 2008 -0500"
      },
      "message": "[AUDIT] Add End of Event record\n\nThis patch adds an end of event record type. It will be sent by the kernel as\nthe last record when a multi-record event is triggered. This will aid realtime\nanalysis programs since they will now reliably know they have the last record\nto complete an event. The audit daemon filters this and will not write it to\ndisk.\n\nSigned-off-by: Steve Grubb \u003csgrubb redhat com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "4746ec5b01ed07205a91e4f7ed9de9d70f371407",
      "tree": "7a3a836b6178ccab24801e90b69c1159b2c23099",
      "parents": [
        "c2a7780efe37d01bdb3facc85a94663e6d67d4a8"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Jan 08 10:06:53 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Feb 01 14:06:51 2008 -0500"
      },
      "message": "[AUDIT] add session id to audit messages\n\nIn order to correlate audit records to an individual login add a session\nid.  This is incremented every time a user logs in and is included in\nalmost all messages which currently output the auid.  The field is\nlabeled ses\u003d  or oses\u003d\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "c2a7780efe37d01bdb3facc85a94663e6d67d4a8",
      "tree": "a7e30dcb7bfb386c84de9918dcfa92381675d59f",
      "parents": [
        "f701b75ed5ffb6820efe530d1a3abcc6fc4678ad"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Jan 07 13:40:17 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Feb 01 14:06:23 2008 -0500"
      },
      "message": "[AUDIT] collect uid, loginuid, and comm in OBJ_PID records\n\nAdd uid, loginuid, and comm collection to OBJ_PID records.  This just\ngives users a little more information about the task that received a\nsignal.  pid is rather meaningless after the fact, and even though comm\nisn\u0027t great we can\u0027t collect exe reasonably on this code path for\nperformance reasons.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "f701b75ed5ffb6820efe530d1a3abcc6fc4678ad",
      "tree": "46036f5e1b2703f6f9073a4a1469e3c5a611083e",
      "parents": [
        "bfef93a5d1fb5654fe2025276c55e202d10b5255"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Jan 07 13:34:51 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Feb 01 14:05:55 2008 -0500"
      },
      "message": "[AUDIT] return EINTR not ERESTART*\n\nThe syscall exit code will change ERESTART* kernel internal return codes\nto EINTR if it does not restart the syscall.  Since we collect the audit\ninfo before that point we should fix those in the audit log as well.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "bfef93a5d1fb5654fe2025276c55e202d10b5255",
      "tree": "573d8153c5d5216b0c4007b652286eeddd3c0987",
      "parents": [
        "0c11b9428f619ab377c92eff2f160a834a6585dd"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Jan 10 04:53:18 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Feb 01 14:05:28 2008 -0500"
      },
      "message": "[PATCH] get rid of loginuid races\n\nKeeping loginuid in audit_context is racy and results in messier\ncode.  Taken to task_struct, out of the way of -\u003eaudit_context\nchanges.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "0c11b9428f619ab377c92eff2f160a834a6585dd",
      "tree": "35b573715ad5730a77d067486838345132771a7a",
      "parents": [
        "24e1c13c93cbdd05e4b7ea921c0050b036555adc"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Jan 10 04:20:52 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Feb 01 14:04:59 2008 -0500"
      },
      "message": "[PATCH] switch audit_get_loginuid() to task_struct *\n\nall callers pass something-\u003eaudit_context\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "481968f44e81aac3b1b4863baf2c497ec46388f6",
      "tree": "7d09ab4c43956a170ba26eb963d9111e33acb1ae",
      "parents": [
        "e95d9c6b046f665da551a51b4071902336a6118c"
      ],
      "author": {
        "name": "Randy Dunlap",
        "email": "randy.dunlap@oracle.com",
        "time": "Sun Oct 21 20:59:53 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Mon Oct 22 19:40:02 2007 -0700"
      },
      "message": "auditsc: fix kernel-doc param warnings\n\nFix kernel-doc for auditsc parameter changes.\n\nWarning(linux-2.6.23-git17//kernel/auditsc.c:1623): No description found for parameter \u0027dentry\u0027\nWarning(linux-2.6.23-git17//kernel/auditsc.c:1666): No description found for parameter \u0027dentry\u0027\n\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "74c3cbe33bc077ac1159cadfea608b501e100344",
      "tree": "4c4023caa4e15d19780255fa5880df3d36eb292c",
      "parents": [
        "455434d450a358ac5bcf3fc58f8913d13c544622"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jul 22 08:04:18 2007 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Oct 21 02:37:45 2007 -0400"
      },
      "message": "[PATCH] audit: watching subtrees\n\nNew kind of audit rule predicates: \"object is visible in given subtree\".\nThe part that can be sanely implemented, that is.  Limitations:\n\t* if you have hardlink from outside of tree, you\u0027d better watch\nit too (or just watch the object itself, obviously)\n\t* if you mount something under a watched tree, tell audit\nthat new chunk should be added to watched subtrees\n\t* if you umount something in a watched tree and it\u0027s still mounted\nelsewhere, you will get matches on events happening there.  New command\ntells audit to recalculate the trees, trimming such sources of false\npositives.\n\nNote that it\u0027s _not_ about path - if something mounted in several places\n(multiple mount, bindings, different namespaces, etc.), the match does\n_not_ depend on which one we are using for access.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "5a190ae69766da9a34bf31200c5cea4c0667cf94",
      "tree": "340c500fe42518abe6d1159a00619b1bd02f07fc",
      "parents": [
        "cfa76f024f7c9e65169425804e5b32e71f66d0ee"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Jun 07 12:19:32 2007 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Oct 21 02:37:18 2007 -0400"
      },
      "message": "[PATCH] pass dentry to audit_inode()/audit_inode_child()\n\nmakes caller simpler *and* allows to scan ancestors\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "9f8dbe9c9ccd847b07a374f92f3c71251e5789cf",
      "tree": "187542cab2b08bdc97a29ef11efba7c2de5a1eb6",
      "parents": [
        "314f70fd967064c7fa0734908f5feae6ac2831a9"
      ],
      "author": {
        "name": "Daniel Walker",
        "email": "dwalker@mvista.com",
        "time": "Thu Oct 18 03:06:09 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Thu Oct 18 14:37:25 2007 -0700"
      },
      "message": "whitespace fixes: syscall auditing\n\nSigned-off-by: Daniel Walker \u003cdwalker@mvista.com\u003e\nCc: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "a9022e9cb9e919e31d5bc15fcef5c7186740645e",
      "tree": "48aea98aec8d9822155b2054bc60f9142f478769",
      "parents": [
        "ea0b7d5da0024df1c6f2c2139dbeb4fd260baac6"
      ],
      "author": {
        "name": "Jesper Juhl",
        "email": "jesper.juhl@gmail.com",
        "time": "Tue Oct 16 23:26:23 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Wed Oct 17 08:42:48 2007 -0700"
      },
      "message": "Clean up duplicate includes in kernel/\n\nThis patch cleans up duplicate includes in\n\tkernel/\n\nSigned-off-by: Jesper Juhl \u003cjesper.juhl@gmail.com\u003e\nAcked-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nReviewed-by: Satyam Sharma \u003cssatyam@cse.iitk.ac.in\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "50e437d522a6cc34a882b2f740297f1b6b4c3af3",
      "tree": "6026dbb5014495aa9f847a342b8f96c87aabd4ef",
      "parents": [
        "7b159fc18d417980f57aef64cab3417ee6af70f8"
      ],
      "author": {
        "name": "Trond Myklebust",
        "email": "Trond.Myklebust@netapp.com",
        "time": "Thu Jun 07 22:44:34 2007 -0400"
      },
      "committer": {
        "name": "Trond Myklebust",
        "email": "Trond.Myklebust@netapp.com",
        "time": "Tue Oct 09 17:15:26 2007 -0400"
      },
      "message": "SUNRPC: Convert rpc_pipefs to use the generic filesystem notification hooks\n\nThis will allow rpc.gssd to use inotify instead of dnotify in order to\nlocate new rpc upcall pipes.\n\nThis also requires the exporting of __audit_inode_child(), which is used by\nfsnotify_create() and fsnotify_mkdir(). Ccing David Woodhouse.\n\nCc: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Trond Myklebust \u003cTrond.Myklebust@netapp.com\u003e\n"
    },
    {
      "commit": "88ae704c2aba150372e3d5c2f017c816773d09a7",
      "tree": "a275e81c2fb7411d77be1b71e3d873d68e6acea2",
      "parents": [
        "8e81cc13a88ce486a6b0a6ca56aba6985824917a"
      ],
      "author": {
        "name": "Adrian Bunk",
        "email": "bunk@stusta.de",
        "time": "Wed Aug 22 14:01:05 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Wed Aug 22 19:52:44 2007 -0700"
      },
      "message": "kernel/auditsc.c: fix an off-by-one\n\nThis patch fixes an off-by-one in a BUG_ON() spotted by the Coverity\nchecker.\n\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nCc: Amy Griffis \u003camy.griffis@hp.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "175fc484256e9c85e043f599ec2f6bc0d2e6c443",
      "tree": "e9a485aaa0810cb85f1198579596f9bd46d5e7c0",
      "parents": [
        "9dc83afdbefd184bf29f347e8fcbb6d8a2b5e6fe"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@ftp.linux.org.uk",
        "time": "Wed Aug 08 00:01:46 2007 +0100"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Tue Aug 07 19:58:56 2007 -0700"
      },
      "message": "fix oops in __audit_signal_info()\n\n\tThe check for audit_signals is misplaced and the check for\naudit_dummy_context() is missing; as the result, if we send a signal to\nauditd from task with NULL -\u003eaudit_context while we have audit_signals\n!\u003d 0 we end up with an oops.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "040b3a2df2dd26c3e401823f3b0ce3fe99e966c5",
      "tree": "dbf88e0023db86669e775ed2ab4c5fb55186ffe0",
      "parents": [
        "0af3678f7c5872836d1cc8d7c659abd62c3c5ae7"
      ],
      "author": {
        "name": "Peter Zijlstra",
        "email": "a.p.zijlstra@chello.nl",
        "time": "Sat Jul 28 00:55:18 2007 +0200"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Sat Jul 28 19:42:22 2007 -0700"
      },
      "message": "audit: fix two bugs in the new execve audit code\n\ncopy_from_user() returns the number of bytes not copied, hence 0 is the\nexpected output.\n\naxi-\u003emm might not be valid anymore when not equal to current-\u003emm, do not\ndereference before checking that - thanks to Al for spotting that.\n\nSigned-off-by: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nTested-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "4259fa01a2d2aa3e589b34ba7624080232d9c1ff",
      "tree": "3aa83d784c4db22f3b62e4d963757497555c5e5c",
      "parents": [
        "74f2345b6be1410f824cb7dd638d2c10a9709379"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Jun 07 11:13:31 2007 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jul 22 09:57:02 2007 -0400"
      },
      "message": "[PATCH] get rid of AVC_PATH postponed treatment\n\n        Selinux folks had been complaining about the lack of AVC_PATH\nrecords when audit is disabled.  I must admit my stupidity - I assumed\nthat avc_audit() really couldn\u0027t use audit_log_d_path() because of\ndeadlocks (\u003d\u003d could be called with dcache_lock or vfsmount_lock held).\nShouldn\u0027t have made that assumption - it never gets called that way.\nIt _is_ called under spinlocks, but not those.\n\n        Since audit_log_d_path() uses ab-\u003egfp_mask for allocations,\nkmalloc() in there is not a problem.  IOW, the simple fix is sufficient:\nlet\u0027s rip AUDIT_AVC_PATH out and simply generate pathname as part of main\nrecord.  It\u0027s trivial to do.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5b9a4262232d632c28990fcdf4f36d0e0ade5f18",
      "tree": "1ced97f3605de37877045747cc4bb37c0c759509",
      "parents": [
        "d7fff6f4d1ed1bc31577df887fefcb1541923367"
      ],
      "author": {
        "name": "Steve Grubb",
        "email": "sgrubb@redhat.com",
        "time": "Tue May 29 10:38:18 2007 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jul 22 09:57:02 2007 -0400"
      },
      "message": "[PATCH] Make IPC mode consistent\n\nThe mode fields for IPC records are not consistent. Some are hex, others are\noctal. This patch makes them all octal.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "b6a2fea39318e43fee84fa7b0b90d68bed92d2ba",
      "tree": "c9c3619cb2730b5c10c7427b837146bce3d69156",
      "parents": [
        "bdf4c48af20a3b0f01671799ace345e3d49576da"
      ],
      "author": {
        "name": "Ollie Wild",
        "email": "aaw@google.com",
        "time": "Thu Jul 19 01:48:16 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Thu Jul 19 10:04:45 2007 -0700"
      },
      "message": "mm: variable length argument support\n\nRemove the arg+env limit of MAX_ARG_PAGES by copying the strings directly from\nthe old mm into the new mm.\n\nWe create the new mm before the binfmt code runs, and place the new stack at\nthe very top of the address space.  Once the binfmt code runs and figures out\nwhere the stack should be, we move it downwards.\n\nIt is a bit peculiar in that we have one task with two mm\u0027s, one of which is\ninactive.\n\n[a.p.zijlstra@chello.nl: limit stack size]\nSigned-off-by: Ollie Wild \u003caaw@google.com\u003e\nSigned-off-by: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nCc: \u003clinux-arch@vger.kernel.org\u003e\nCc: Hugh Dickins \u003chugh@veritas.com\u003e\n[bunk@stusta.de: unexport bprm_mm_init]\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "bdf4c48af20a3b0f01671799ace345e3d49576da",
      "tree": "7c3b903d2de1cba6e212ad6f347bc8742b08035a",
      "parents": [
        "b111757c50ee30dad162192df6168e270a90c252"
      ],
      "author": {
        "name": "Peter Zijlstra",
        "email": "a.p.zijlstra@chello.nl",
        "time": "Thu Jul 19 01:48:15 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Thu Jul 19 10:04:45 2007 -0700"
      },
      "message": "audit: rework execve audit\n\nThe purpose of audit_bprm() is to log the argv array to a userspace daemon at\nthe end of the execve system call.  Since user-space hasn\u0027t had time to run,\nthis array is still in pristine state on the process\u0027 stack; so no need to\ncopy it, we can just grab it from there.\n\nIn order to minimize the damage to audit_log_*() copy each string into a\ntemporary kernel buffer first.\n\nCurrently the audit code requires that the full argument vector fits in a\nsingle packet.  So currently it does clip the argv size to a (sysctl) limit,\nbut only when execve auditing is enabled.\n\nIf the audit protocol gets extended to allow for multiple packets this check\ncan be removed.\n\nSigned-off-by: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nSigned-off-by: Ollie Wild \u003caaw@google.com\u003e\nCc: \u003clinux-audit@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "6d9525b52aecd11b14c4ec982add01c11157172f",
      "tree": "7664b09fdf09adb656e865a055cc2f2532919b77",
      "parents": [
        "dcf5008db171211e3c34c060cacfd788306b034b"
      ],
      "author": {
        "name": "Henrik Kretzschmar",
        "email": "henne@nachtwindheim.de",
        "time": "Sun Jul 15 23:41:10 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Mon Jul 16 09:05:48 2007 -0700"
      },
      "message": "kerneldoc fix in audit_core_dumps\n\nFix parameter name in audit_core_dumps for kerneldoc.\n\nSigned-off-by: Henrik Kretzschmar \u003chenne@nachtwindheim.de\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "522ed7767e800cff6c650ec64b0ee0677303119c",
      "tree": "f65ecb29f2cf885018d3557f840de3ef4be6ec64",
      "parents": [
        "4f27c00bf80f122513d3a5be16ed851573164534"
      ],
      "author": {
        "name": "Miloslav Trmac",
        "email": "mitr@redhat.com",
        "time": "Sun Jul 15 23:40:56 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Mon Jul 16 09:05:47 2007 -0700"
      },
      "message": "Audit: add TTY input auditing\n\nAdd TTY input auditing, used to audit system administrator\u0027s actions.  This is\nrequired by various security standards such as DCID 6/3 and PCI to provide\nnon-repudiation of administrator\u0027s actions and to allow a review of past\nactions if the administrator seems to overstep their duties or if the system\nbecomes misconfigured for unknown reasons.  These requirements do not make it\nnecessary to audit TTY output as well.\n\nCompared to an user-space keylogger, this approach records TTY input using the\naudit subsystem, correlated with other audit events, and it is completely\ntransparent to the user-space application (e.g.  the console ioctls still\nwork).\n\nTTY input auditing works on a higher level than auditing all system calls\nwithin the session, which would produce an overwhelming amount of mostly\nuseless audit events.\n\nAdd an \"audit_tty\" attribute, inherited across fork ().  Data read from TTYs\nby process with the attribute is sent to the audit subsystem by the kernel.\nThe audit netlink interface is extended to allow modifying the audit_tty\nattribute, and to allow sending explanatory audit events from user-space (for\nexample, a shell might send an event containing the final command, after the\ninteractive command-line editing and history expansion is performed, which\nmight be difficult to decipher from the TTY input alone).\n\nBecause the \"audit_tty\" attribute is inherited across fork (), it would be set\ne.g.  for sshd restarted within an audited session.  To prevent this, the\naudit_tty attribute is cleared when a process with no open TTY file\ndescriptors (e.g.  after daemon startup) opens a TTY.\n\nSee https://www.redhat.com/archives/linux-audit/2007-June/msg00000.html for a\nmore detailed rationale document for an older version of this patch.\n\n[akpm@linux-foundation.org: build fix]\nSigned-off-by: Miloslav Trmac \u003cmitr@redhat.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Alan Cox \u003calan@lxorguk.ukuu.org.uk\u003e\nCc: Paul Fulghum \u003cpaulkf@microgate.com\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "0a4ff8c2598b72f2fa9d50aae9e1809e684dbf41",
      "tree": "309f2b2b5874692302862534cd9052a1d96018ba",
      "parents": [
        "5712e88f2b0f626a4857c24128810bbf8ce09537"
      ],
      "author": {
        "name": "Steve Grubb",
        "email": "sgrubb@redhat.com",
        "time": "Thu Apr 19 10:28:21 2007 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri May 11 05:38:26 2007 -0400"
      },
      "message": "[PATCH] Abnormal End of Processes\n\nHi,\n\nI have been working on some code that detects abnormal events based on audit\nsystem events. One kind of event that we currently have no visibility for is\nwhen a program terminates due to segfault - which should never happen on a\nproduction machine. And if it did, you\u0027d want to investigate it. Attached is a\npatch that collects these events and sends them into the audit system.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "5712e88f2b0f626a4857c24128810bbf8ce09537",
      "tree": "1285a3e632e6c3d6dfecc2c3445770a559c712ca",
      "parents": [
        "4fc03b9beb2314f3adb9e72b7935a80c577954d1"
      ],
      "author": {
        "name": "Amy Griffis",
        "email": "amy.griffis@hp.com",
        "time": "Tue Feb 13 14:15:22 2007 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri May 11 05:38:26 2007 -0400"
      },
      "message": "[PATCH] match audit name data\n\nMake more effort to detect previously collected names, so we don\u0027t log\nmultiple PATH records for a single filesystem object. Add\naudit_inc_name_count() to reduce duplicate code.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "4fc03b9beb2314f3adb9e72b7935a80c577954d1",
      "tree": "81e04534c582923fcdc8212497d1487ddae412a8",
      "parents": [
        "510f4006e7a82b37b53c17bbe64ec20f3a59302b"
      ],
      "author": {
        "name": "Amy Griffis",
        "email": "amy.griffis@hp.com",
        "time": "Tue Feb 13 14:15:01 2007 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri May 11 05:38:26 2007 -0400"
      },
      "message": "[PATCH] complete message queue auditing\n\nHandle the edge cases for POSIX message queue auditing. Collect inode\ninfo when opening an existing mq, and for send/receive operations. Remove\naudit_inode_update() as it has really evolved into the equivalent of\naudit_inode().\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "e41e8bde43026d5d2e41464e6105a50b31e34102",
      "tree": "1ba5c647ce69db81d327b0024294445a449cf1c0",
      "parents": [
        "e54dc2431d740a79a6bd013babade99d71b1714f"
      ],
      "author": {
        "name": "Amy Griffis",
        "email": "amy.griffis@hp.com",
        "time": "Tue Feb 13 14:14:09 2007 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri May 11 05:38:25 2007 -0400"
      },
      "message": "[PATCH] initialize name osid\n\nAudit contexts can be reused, so initialize a name\u0027s osid to the\ndefault in audit_getname(). This ensures we don\u0027t log a bogus object\nlabel when no inode data is collected for a name.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "e54dc2431d740a79a6bd013babade99d71b1714f",
      "tree": "16b0990d5c16946239a17b332f54b5918fb03305",
      "parents": [
        "7f13da40e36c84d0d046b7adbd060af7d3717250"
      ],
      "author": {
        "name": "Amy Griffis",
        "email": "amy.griffis@hp.com",
        "time": "Thu Mar 29 18:01:04 2007 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri May 11 05:38:25 2007 -0400"
      },
      "message": "[PATCH] audit signal recipients\n\nWhen auditing syscalls that send signals, log the pid and security\ncontext for each target process. Optimize the data collection by\nadding a counter for signal-related rules, and avoiding allocating an\naux struct unless we have more than one target process. For process\ngroups, collect pid/context data in blocks of 16. Move the\naudit_signal_info() hook up in check_kill_permission() so we audit\nattempts where permission is denied.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "a5cb013da773a67ee48d1c19e96436c22a73a7eb",
      "tree": "8832d105c4742674423bd50352b8a4805c44fecc",
      "parents": [
        "129a84de2347002f09721cda3155ccfd19fade40"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Mar 20 13:58:35 2007 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri May 11 05:38:25 2007 -0400"
      },
      "message": "[PATCH] auditing ptrace\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "c4823bce033be74c0fcfbcae2f1be0854fdc2e18",
      "tree": "a37dce7574167fc3639b70bab2626bbf8eb896e3",
      "parents": [
        "baab1087c61d4506f2c9f4cdb7da162160de16c2"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@ftp.linux.org.uk",
        "time": "Mon Mar 12 16:17:42 2007 +0000"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Wed Mar 14 15:27:48 2007 -0700"
      },
      "message": "[PATCH] fix deadlock in audit_log_task_context()\n\nGFP_KERNEL allocations in non-blocking context; fixed by killing\nan idiotic use of security_getprocattr().\n\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "db3495099d3d52854b13874905af6e40a91f4721",
      "tree": "5a832081d70dd9dabda3498baf40b7d6ced47f24",
      "parents": [
        "6a01b07fae482f9b34491b317056c89d3b96ca2e"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Feb 07 01:48:00 2007 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sat Feb 17 21:30:15 2007 -0500"
      },
      "message": "[PATCH] AUDIT_FD_PAIR\n\nProvide an audit record of the descriptor pair returned by pipe() and\nsocketpair().  Rewritten from the original posted to linux-audit by\nJohn D. Ramsdell \u003cramsdell@mitre.org\u003e\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "a7a005fd12b84392becca311f2a20d5bf2a1b7af",
      "tree": "0baf326ea34bdef38e42a5ae664d348de3c69ae8",
      "parents": [
        "ff273773bfd4f2131bad1318e56519fcceac2339"
      ],
      "author": {
        "name": "Josef Sipek",
        "email": "jsipek@fsl.cs.sunysb.edu",
        "time": "Fri Dec 08 02:37:17 2006 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.osdl.org",
        "time": "Fri Dec 08 08:28:46 2006 -0800"
      },
      "message": "[PATCH] struct path: convert kernel\n\nSigned-off-by: Josef Sipek \u003cjsipek@fsl.cs.sunysb.edu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "24ec839c431eb79bb8f6abc00c4e1eb3b8c4d517",
      "tree": "2ff478b1925159eeac007913c2a8f19d5f5e6010",
      "parents": [
        "562f9c574e0707f9159a729ea41faf53b221cd30"
      ],
      "author": {
        "name": "Peter Zijlstra",
        "email": "a.p.zijlstra@chello.nl",
        "time": "Fri Dec 08 02:36:04 2006 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.osdl.org",
        "time": "Fri Dec 08 08:28:38 2006 -0800"
      },
      "message": "[PATCH] tty: -\u003esignal-\u003etty locking\n\nFix the locking of signal-\u003etty.\n\nUse -\u003esighand-\u003esiglock to protect -\u003esignal-\u003etty; this lock is already used\nby most other members of -\u003esignal/-\u003esighand.  And unless we are \u0027current\u0027\nor the tasklist_lock is held we need -\u003esiglock to access -\u003esignal anyway.\n\n(NOTE: sys_unshare() is broken wrt -\u003esighand locking rules)\n\nNote that tty_mutex is held over tty destruction, so while holding\ntty_mutex any tty pointer remains valid.  Otherwise the lifetime of ttys\nare governed by their open file handles.  This leaves some holes for tty\naccess from signal-\u003etty (or any other non file related tty access).\n\nIt solves the tty SLAB scribbles we were seeing.\n\n(NOTE: the change from group_send_sig_info to __group_send_sig_info needs to\n       be examined by someone familiar with the security framework, I think\n       it is safe given the SEND_SIG_PRIV from other __group_send_sig_info\n       invocations)\n\n[schwidefsky@de.ibm.com: 3270 fix]\n[akpm@osdl.org: various post-viro fixes]\nSigned-off-by: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nAcked-by: Alan Cox \u003calan@redhat.com\u003e\nCc: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nCc: Prarit Bhargava \u003cprarit@redhat.com\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Roland McGrath \u003croland@redhat.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Jeff Dike \u003cjdike@addtoit.com\u003e\nCc: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nCc: Jan Kara \u003cjack@ucw.cz\u003e\nSigned-off-by: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "161a09e737f0761ca064ee6a907313402f7a54b6",
      "tree": "80fdf6dc5de73d810ef0ec811299a5ec3c5ce23e",
      "parents": [
        "95b99a670df31ca5271f503f378e5cac3aee8f5e"
      ],
      "author": {
        "name": "Joy Latten",
        "email": "latten@austin.ibm.com",
        "time": "Mon Nov 27 13:11:54 2006 -0600"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Wed Dec 06 20:14:22 2006 -0800"
      },
      "message": "audit: Add auditing to ipsec\n\nAn audit message occurs when an ipsec SA\nor ipsec policy is created/deleted.\n\nSigned-off-by: Joy Latten \u003clatten@austin.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "a1f8e7f7fb9d7e2cbcb53170edca7c0ac4680697",
      "tree": "2d1190c0099291d56a9c986f16bec17df2f6768b",
      "parents": [
        "b07e4ecd4d380ad697c54d729cb653d027077c99"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Oct 19 16:08:53 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Dec 04 02:00:29 2006 -0500"
      },
      "message": "[PATCH] severing skbuff.h -\u003e highmem.h\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "ac9910ce017ff5f86f3a25e969b2c4f5d6ac438f",
      "tree": "f45d66fa60a02a9f5b32ea95a7d599cb1f175323",
      "parents": [
        "419c58f11fb732cc8bd1335fa43e0decb34e0be3"
      ],
      "author": {
        "name": "Steve Grubb",
        "email": "sgrubb@redhat.com",
        "time": "Thu Sep 28 14:31:32 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Oct 04 08:31:21 2006 -0400"
      },
      "message": "[PATCH] name_count array overrun\n\nHi,\n\nThis patch removes the rdev logging from the previous patch\n\nThe below patch closes an unbounded use of name_count. This can lead to oopses\nin some new file systems.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "419c58f11fb732cc8bd1335fa43e0decb34e0be3",
      "tree": "7eb03026bd7e102d235ccc02f81daf1127d93358",
      "parents": [
        "4b8a311bb161a3bd2ab44311f42c526b6dc76270"
      ],
      "author": {
        "name": "Alexander Viro",
        "email": "aviro@redhat.com",
        "time": "Fri Sep 29 00:08:50 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Oct 04 08:31:19 2006 -0400"
      },
      "message": "[PATCH] PPID filtering fix\n\nOn Thu, Sep 28, 2006 at 04:03:06PM -0400, Eric Paris wrote:\n\u003e After some looking I did not see a way to get into audit_log_exit\n\u003e without having set the ppid.  So I am dropping the set from there and\n\u003e only doing it at the beginning.\n\u003e\n\u003e Please comment/ack/nak as soon as possible.\n\nEhh...  That\u0027s one hell of an overhead to be had ;-/  Let\u0027s be lazy.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "eb84a20e9e6b98dcb33023ad22241d79107a08a7",
      "tree": "4971aef730cc3a1917463afe1dbb381dea664e99",
      "parents": [
        "5f412b24240d92212e50ebbaff2dff20c9e6f3d0"
      ],
      "author": {
        "name": "Alan Cox",
        "email": "alan@lxorguk.ukuu.org.uk",
        "time": "Fri Sep 29 02:01:41 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Fri Sep 29 09:18:25 2006 -0700"
      },
      "message": "[PATCH] audit/accounting: tty locking\n\nAdd tty locking around the audit and accounting code.\n\nThe whole current-\u003esignal-\u003e locking is all deeply strange but it\u0027s for\nsomeone else to sort out.  Add rather than replace the lock for acct.c\n\nSigned-off-by: Alan Cox \u003calan@redhat.com\u003e\nAcked-by: Arjan van de Ven \u003carjan@linux.intel.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "1a70cd40cb291c25b67ec0da715a49d76719329d",
      "tree": "ffb4c6cd3f7ef1b92822ebbda11bd2b035c2bc86",
      "parents": [
        "62bac0185ad3dfef11d9602980445c54d45199c6"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon Sep 25 23:31:57 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Tue Sep 26 08:48:52 2006 -0700"
      },
      "message": "[PATCH] selinux: rename selinux_ctxid_to_string\n\nRename selinux_ctxid_to_string to selinux_sid_to_string to be\nconsistent with other interfaces.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "62bac0185ad3dfef11d9602980445c54d45199c6",
      "tree": "8478673a1dccac5f4e7add4ad802a2bf69b269a4",
      "parents": [
        "89fa30242facca249aead2aac03c4c69764f911c"
      ],
      "author": {
        "name": "Stephen Smalley",
        "email": "sds@tycho.nsa.gov",
        "time": "Mon Sep 25 23:31:56 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Tue Sep 26 08:48:52 2006 -0700"
      },
      "message": "[PATCH] selinux: eliminate selinux_task_ctxid\n\nEliminate selinux_task_ctxid since it duplicates selinux_task_get_sid.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "55669bfa141b488be865341ed12e188967d11308",
      "tree": "efeec37a93f46c48937eb849c083da9a42ed3709",
      "parents": [
        "dc104fb3231f11e95b5a0f09ae3ab27a8fd5b2e8"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Aug 31 19:26:40 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Sep 11 13:32:30 2006 -0400"
      },
      "message": "[PATCH] audit: AUDIT_PERM support\n\nadd support for AUDIT_PERM predicate\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "3f2792ffbd88dc1cd41d226674cc428914981e98",
      "tree": "40d176c192eed972df3acd494079d56e6b0e9a34",
      "parents": [
        "5ac3a9c26c1cc4861d9cdd8b293fecbfcdc81afe"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jul 16 06:43:48 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Aug 03 10:59:51 2006 -0400"
      },
      "message": "[PATCH] take filling -\u003epid, etc. out of audit_get_context()\n\nmove that stuff downstream and into the only branch where it\u0027ll be\nused.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "5ac3a9c26c1cc4861d9cdd8b293fecbfcdc81afe",
      "tree": "6ca960fade3253ac358f3614e6a07361fc90d09e",
      "parents": [
        "d51374adf5f2f88155a072d3d801104e3c0c3d7f"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jul 16 06:38:45 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Aug 03 10:59:42 2006 -0400"
      },
      "message": "[PATCH] don\u0027t bother with aux entries for dummy context\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "d51374adf5f2f88155a072d3d801104e3c0c3d7f",
      "tree": "2b87e74cdb43fca5635cc25fb5a419cbb686ce00",
      "parents": [
        "471a5c7c839114cc8b55876203aeb2817c33e3c5"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Aug 03 10:59:26 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Aug 03 10:59:26 2006 -0400"
      },
      "message": "[PATCH] mark context of syscall entered with no rules as dummy\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "471a5c7c839114cc8b55876203aeb2817c33e3c5",
      "tree": "a034011f4efe66adcdca6e21efc2e05b0c0d3e34",
      "parents": [
        "5422e01ac16df7398b2bad1eccad0ae3be4dee32"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Jul 10 08:29:24 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Aug 03 10:55:18 2006 -0400"
      },
      "message": "[PATCH] introduce audit rules counter\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "73d3ec5abad3f1730ac8530899d2c14d92f3ad63",
      "tree": "c2829a1e36ca155eecc7d4b8648fe9755247bec5",
      "parents": [
        "3e2efce067cec0099f99ae59f28feda99b02b498"
      ],
      "author": {
        "name": "Amy Griffis",
        "email": "amy.griffis@hp.com",
        "time": "Thu Jul 13 13:16:39 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Aug 03 10:50:30 2006 -0400"
      },
      "message": "[PATCH] fix missed create event for directory audit\n\nWhen an object is created via a symlink into an audited directory, audit misses\nthe event due to not having collected the inode data for the directory.  Modify\n__audit_inode_child() to copy the parent inode data if a parent wasn\u0027t found in\naudit_names[].\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "3e2efce067cec0099f99ae59f28feda99b02b498",
      "tree": "94577cb6cb7f223319bb89a805b2d6945d42632e",
      "parents": [
        "46f5960fdbf359f0c75989854bbaebc1de7a1eb4"
      ],
      "author": {
        "name": "Amy Griffis",
        "email": "amy.griffis@hp.com",
        "time": "Thu Jul 13 13:16:02 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Aug 03 10:50:21 2006 -0400"
      },
      "message": "[PATCH] fix faulty inode data collection for open() with O_CREAT\n\nWhen the specified path is an existing file or when it is a symlink, audit\ncollects the wrong inode number, which causes it to miss the open() event.\nAdding a second hook to the open() path fixes this.\n\nAlso add audit_copy_inode() to consolidate some code.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "6e5a2d1d32596850a0ebf7fb3e54c0d69901dabd",
      "tree": "27718d7df96c9b9f08a2ba333aa36c8e9ebbadfe",
      "parents": [
        "3a6b9f85c641a3b89420b0c8150ed377526a1fe1"
      ],
      "author": {
        "name": "Darrel Goeddel",
        "email": "dgoeddel@trustedcs.com",
        "time": "Thu Jun 29 16:57:08 2006 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sat Jul 01 05:44:19 2006 -0400"
      },
      "message": "[PATCH] audit: support for object context filters\n\nThis patch introduces object audit filters based on the elements\nof the SELinux context.\n\nSigned-off-by: Darrel Goeddel \u003cdgoeddel@trustedcs.com\u003e\nAcked-by:  Stephen Smalley \u003csds@tycho.nsa.gov\u003e\n\n kernel/auditfilter.c           |   25 +++++++++++++++++++++++++\n kernel/auditsc.c               |   40 ++++++++++++++++++++++++++++++++++++++++\n security/selinux/ss/services.c |   18 +++++++++++++++++-\n 3 files changed, 82 insertions(+), 1 deletion(-)\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "3a6b9f85c641a3b89420b0c8150ed377526a1fe1",
      "tree": "e44e64edf0620d3f6da443c57540b09882231459",
      "parents": [
        "5adc8a6adc91c4c85a64c75a70a619fffc924817"
      ],
      "author": {
        "name": "Darrel Goeddel",
        "email": "dgoeddel@trustedcs.com",
        "time": "Thu Jun 29 16:56:39 2006 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sat Jul 01 05:44:08 2006 -0400"
      },
      "message": "[PATCH] audit: rename AUDIT_SE_* constants\n\nThis patch renames some audit constant definitions and adds\nadditional definitions used by the following patch.  The renaming\navoids ambiguity with respect to the new definitions.\n\nSigned-off-by: Darrel Goeddel \u003cdgoeddel@trustedcs.com\u003e\n\n include/linux/audit.h          |   15 ++++++++----\n kernel/auditfilter.c           |   50 ++++++++++++++++++++---------------------\n kernel/auditsc.c               |   10 ++++----\n security/selinux/ss/services.c |   32 +++++++++++++-------------\n 4 files changed, 56 insertions(+), 51 deletions(-)\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "5adc8a6adc91c4c85a64c75a70a619fffc924817",
      "tree": "ace9af6bbc3cf711f43cfd88e834baeb6989ca3f",
      "parents": [
        "9262e9149f346a5443300f8c451b8e7631e81a42"
      ],
      "author": {
        "name": "Amy Griffis",
        "email": "amy.griffis@hp.com",
        "time": "Wed Jun 14 18:45:21 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sat Jul 01 05:43:06 2006 -0400"
      },
      "message": "[PATCH] add rule filterkey\n\nAdd support for a rule key, which can be used to tie audit records to audit\nrules.  This is useful when a watched file is accessed through a link or\nsymlink, as well as for general audit log analysis.\n\nBecause this patch uses a string key instead of an integer key, there is a bit\nof extra overhead to do the kstrdup() when a rule fires.  However, we\u0027re also\nallocating memory for the audit record buffer, so it\u0027s probably not that\nsignificant.  I went ahead with a string key because it seems more\nuser-friendly.\n\nNote that the user must ensure that filterkeys are unique.  The kernel only\nchecks for duplicate rules.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hpd.com\u003e\n"
    },
    {
      "commit": "9a66a53f558efc2619a438278d2919b3c9a7f673",
      "tree": "c3d20628f1d688f6099556995b597ef629970f7f",
      "parents": [
        "4ad98457aa545bc4d03d417da86325507aa586ec"
      ],
      "author": {
        "name": "Jesper Juhl",
        "email": "jesper.juhl@gmail.com",
        "time": "Tue Jun 27 02:55:05 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Tue Jun 27 17:32:48 2006 -0700"
      },
      "message": "[PATCH] Remove redundant NULL checks before [kv]free - in kernel/\n\nRemove redundant kfree NULL checks from kernel/\n\nSigned-off-by: Jesper Juhl \u003cjesper.juhl@gmail.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "1dbe83c3445a1604546620a60888cf26b63f8782",
      "tree": "c4113aeb6a2beaff433ffddd19121f37e119b444",
      "parents": [
        "283fef59d6e934e8da11631446ea8e2e93fce14c"
      ],
      "author": {
        "name": "Randy Dunlap",
        "email": "rdunlap@xenotime.net",
        "time": "Tue Jun 27 02:54:01 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Tue Jun 27 17:32:39 2006 -0700"
      },
      "message": "[PATCH] fix kernel-doc in kernel/ dir\n\nFix kernel-doc parameters in kernel/\n\nWarning(/var/linsrc/linux-2617-g9//kernel/auditsc.c:1376): No description found for parameter \u0027u_abs_timeout\u0027\nWarning(/var/linsrc/linux-2617-g9//kernel/auditsc.c:1420): No description found for parameter \u0027u_msg_prio\u0027\nWarning(/var/linsrc/linux-2617-g9//kernel/auditsc.c:1420): No description found for parameter \u0027u_abs_timeout\u0027\nWarning(/var/linsrc/linux-2617-g9//kernel/acct.c:526): No description found for parameter \u0027pacct\u0027\n\nSigned-off-by: Randy Dunlap \u003crdunlap@xenotime.net\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "862f5f0133f1c8a179dd93adc03d43f8f7e8bac5",
      "tree": "51ef137f4a648859c339988413a19ab3567c032e",
      "parents": [
        "d83015b8f62ee3fcd338f6f009051ed57f77a531"
      ],
      "author": {
        "name": "Randy Dunlap",
        "email": "rdunlap@xenotime.net",
        "time": "Fri Jun 23 02:05:52 2006 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Fri Jun 23 07:43:07 2006 -0700"
      },
      "message": "[PATCH] Doc: add audit \u0026 acct to DocBook\n\nFix one audit kernel-doc description (one parameter was missing).\nAdd audit*.c interfaces to DocBook.\nAdd BSD accounting interfaces to DocBook.\n\nSigned-off-by: Randy Dunlap \u003crdunlap@xenotime.net\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n"
    },
    {
      "commit": "41757106b9ca7867dafb2404d618f947b4786fd7",
      "tree": "6feff3fade7d842e58d535eef4f397ebfb8ae19e",
      "parents": [
        "9c937dcc71021f2dbf78f904f03d962dd9bcc130"
      ],
      "author": {
        "name": "Steve Grubb",
        "email": "sgrubb@redhat.com",
        "time": "Mon Jun 12 07:48:28 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jun 20 05:25:29 2006 -0400"
      },
      "message": "[PATCH] make set_loginuid obey audit_enabled\n\nHi,\n\nI was doing some testing and noticed that when the audit system was disabled,\nI was still getting messages about the loginuid being set. The following patch\nmakes audit_set_loginuid look at in_syscall to determine if it should create\nan audit event. The loginuid will continue to be set as long as there is a context.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "9c937dcc71021f2dbf78f904f03d962dd9bcc130",
      "tree": "6ab53c1cf1235515307d521cecc4f76afa34e137",
      "parents": [
        "6a2bceec0ea7fdc47aef9a3f2f771c201eaabe5d"
      ],
      "author": {
        "name": "Amy Griffis",
        "email": "amy.griffis@hp.com",
        "time": "Thu Jun 08 23:19:31 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jun 20 05:25:28 2006 -0400"
      },
      "message": "[PATCH] log more info for directory entry change events\n\nWhen an audit event involves changes to a directory entry, include\na PATH record for the directory itself.  A few other notable changes:\n\n    - fixed audit_inode_child() hooks in fsnotify_move()\n    - removed unused flags arg from audit_inode()\n    - added audit log routines for logging a portion of a string\n\nHere\u0027s some sample output.\n\nbefore patch:\ntype\u003dSYSCALL msg\u003daudit(1149821605.320:26): arch\u003d40000003 syscall\u003d39 success\u003dyes exit\u003d0 a0\u003dbf8d3c7c a1\u003d1ff a2\u003d804e1b8 a3\u003dbf8d3c7c items\u003d1 ppid\u003d739 pid\u003d800 auid\u003d0 uid\u003d0 gid\u003d0 euid\u003d0 suid\u003d0 fsuid\u003d0 egid\u003d0 sgid\u003d0 fsgid\u003d0 tty\u003dttyS0 comm\u003d\"mkdir\" exe\u003d\"/bin/mkdir\" subj\u003droot:system_r:unconfined_t:s0-s0:c0.c255\ntype\u003dCWD msg\u003daudit(1149821605.320:26):  cwd\u003d\"/root\"\ntype\u003dPATH msg\u003daudit(1149821605.320:26): item\u003d0 name\u003d\"foo\" parent\u003d164068 inode\u003d164010 dev\u003d03:00 mode\u003d040755 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003droot:object_r:user_home_t:s0\n\nafter patch:\ntype\u003dSYSCALL msg\u003daudit(1149822032.332:24): arch\u003d40000003 syscall\u003d39 success\u003dyes exit\u003d0 a0\u003dbfdd9c7c a1\u003d1ff a2\u003d804e1b8 a3\u003dbfdd9c7c items\u003d2 ppid\u003d714 pid\u003d777 auid\u003d0 uid\u003d0 gid\u003d0 euid\u003d0 suid\u003d0 fsuid\u003d0 egid\u003d0 sgid\u003d0 fsgid\u003d0 tty\u003dttyS0 comm\u003d\"mkdir\" exe\u003d\"/bin/mkdir\" subj\u003droot:system_r:unconfined_t:s0-s0:c0.c255\ntype\u003dCWD msg\u003daudit(1149822032.332:24):  cwd\u003d\"/root\"\ntype\u003dPATH msg\u003daudit(1149822032.332:24): item\u003d0 name\u003d\"/root\" inode\u003d164068 dev\u003d03:00 mode\u003d040750 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003droot:object_r:user_home_dir_t:s0\ntype\u003dPATH msg\u003daudit(1149822032.332:24): item\u003d1 name\u003d\"foo\" inode\u003d164010 dev\u003d03:00 mode\u003d040755 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003droot:object_r:user_home_t:s0\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "f368c07d7214a7c41dfceb76c8db473b850f0229",
      "tree": "e3f1e2d1a6ffbe61bf99ece51b906654728db4c9",
      "parents": [
        "20ca73bc792be9625af184cbec36e1372611d1c3"
      ],
      "author": {
        "name": "Amy Griffis",
        "email": "amy.griffis@hp.com",
        "time": "Fri Apr 07 16:55:56 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jun 20 05:25:27 2006 -0400"
      },
      "message": "[PATCH] audit: path-based rules\n\nIn this implementation, audit registers inotify watches on the parent\ndirectories of paths specified in audit rules.  When audit\u0027s inotify\nevent handler is called, it updates any affected rules based on the\nfilesystem event.  If the parent directory is renamed, removed, or its\nfilesystem is unmounted, audit removes all rules referencing that\ninotify watch.\n\nTo keep things simple, this implementation limits location-based\nauditing to the directory entries in an existing directory.  Given\na path-based rule for /foo/bar/passwd, the following table applies:\n\n    passwd modified -- audit event logged\n    passwd replaced -- audit event logged, rules list updated\n    bar renamed     -- rule removed\n    foo renamed     -- untracked, meaning that the rule now applies to\n\t\t       the new location\n\nAudit users typically want to have many rules referencing filesystem\nobjects, which can significantly impact filtering performance.  This\npatch also adds an inode-number-based rule hash to mitigate this\nsituation.\n\nThe patch is relative to the audit git tree:\nhttp://kernel.org/git/?p\u003dlinux/kernel/git/viro/audit-current.git;a\u003dsummary\nand uses the inotify kernel API:\nhttp://lkml.org/lkml/2006/6/1/145\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "20ca73bc792be9625af184cbec36e1372611d1c3",
      "tree": "98a1232ad3c9baa14676b2b48fab79a3df4a20b0",
      "parents": [
        "8ba8e0fbe6321961f6ba04e2fd7215b37d935c83"
      ],
      "author": {
        "name": "George C. Wilson",
        "email": "ltcgcw@us.ibm.com",
        "time": "Wed May 24 16:09:55 2006 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jun 20 05:25:26 2006 -0400"
      },
      "message": "[PATCH] Audit of POSIX Message Queue Syscalls v.2\n\nThis patch adds audit support to POSIX message queues.  It applies cleanly to\nthe lspp.b15 branch of Al Viro\u0027s git tree.  There are new auxiliary data\nstructures, and collection and emission routines in kernel/auditsc.c.  New hooks\nin ipc/mqueue.c collect arguments from the syscalls.\n\nI tested the patch by building the examples from the POSIX MQ library tarball.\nBuild them -lrt, not against the old MQ library in the tarball.  Here\u0027s the URL:\nhttp://www.geocities.com/wronski12/posix_ipc/libmqueue-4.41.tar.gz\nDo auditctl -a exit,always -S for mq_open, mq_timedsend, mq_timedreceive,\nmq_notify, mq_getsetattr.  mq_unlink has no new hooks.  Please see the\ncorresponding userspace patch to get correct output from auditd for the new\nrecord types.\n\n[fixes folded]\n\nSigned-off-by: George Wilson \u003cltcgcw@us.ibm.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "014149cce19c5acb19014e57a5b739b7f64e6fbf",
      "tree": "eb92d3e25264e1ff89bffcedaca88c44ff7efae2",
      "parents": [
        "d8945bb51a2bb6623cfa36b9ff63594f46d513aa"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue May 23 01:36:13 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jun 20 05:25:25 2006 -0400"
      },
      "message": "[PATCH] deprecate AUDIT_POSSBILE\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "d8945bb51a2bb6623cfa36b9ff63594f46d513aa",
      "tree": "b369c9b853e90790a04baa70ee66a2ef9e15fd18",
      "parents": [
        "e0182909297da8d38a5d473ae7bee3d0324632a1"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu May 18 16:01:30 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jun 20 05:25:25 2006 -0400"
      },
      "message": "[PATCH] inline more audit helpers\n\npull checks for -\u003eaudit_context into inlined wrappers\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "ac03221a4fdda9bfdabf99bcd129847f20fc1d80",
      "tree": "9b65ede238b03007bfe5e25f46efca68ec0994e0",
      "parents": [
        "5d136a010de3bc16fe595987feb9ef8868f064c2"
      ],
      "author": {
        "name": "Linda Knippers",
        "email": "linda.knippers@hp.com",
        "time": "Tue May 16 22:03:48 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jun 20 05:25:24 2006 -0400"
      },
      "message": "[PATCH] update of IPC audit record cleanup\n\nThe following patch addresses most of the issues with the IPC_SET_PERM\nrecords as described in:\nhttps://www.redhat.com/archives/linux-audit/2006-May/msg00010.html\nand addresses the comments I received on the record field names.\n\nTo summarize, I made the following changes:\n\n1. Changed sys_msgctl() and semctl_down() so that an IPC_SET_PERM\n   record is emitted in the failure case as well as the success case.\n   This matches the behavior in sys_shmctl().  I could simplify the\n   code in sys_msgctl() and semctl_down() slightly but it would mean\n   that in some error cases we could get an IPC_SET_PERM record\n   without an IPC record and that seemed odd.\n\n2. No change to the IPC record type, given no feedback on the backward\n   compatibility question.\n\n3. Removed the qbytes field from the IPC record.  It wasn\u0027t being\n   set and when audit_ipc_obj() is called from ipcperms(), the\n   information isn\u0027t available.  If we want the information in the IPC\n   record, more extensive changes will be necessary.  Since it only\n   applies to message queues and it isn\u0027t really permission related, it\n   doesn\u0027t seem worth it.\n\n4. Removed the obj field from the IPC_SET_PERM record.  This means that\n   the kern_ipc_perm argument is no longer needed.\n\n5. Removed the spaces and renamed the IPC_SET_PERM field names.  Replaced iuid and\n   igid fields with ouid and ogid in the IPC record.\n\nI tested this with the lspp.22 kernel on an x86_64 box.  I believe it\napplies cleanly on the latest kernel.\n\n-- ljk\n\nSigned-off-by: Linda Knippers \u003clinda.knippers@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "3c66251e573219a0532a5a07381b2f60a412d9eb",
      "tree": "b047b25d28ae1abe6bb81daba886e44e0a82094f",
      "parents": [
        "f46038ff7d23ae092d61b366332c05aab8227b48"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sat May 06 08:26:27 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jun 20 05:25:22 2006 -0400"
      },
      "message": "[PATCH] add filtering by ppid\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "f46038ff7d23ae092d61b366332c05aab8227b48",
      "tree": "b1615e261d90cd6f83065b3d8350a6b2cd7176a2",
      "parents": [
        "e1396065e0489f98b35021b97907ab4edbfb24e1"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sat May 06 08:22:52 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jun 20 05:25:22 2006 -0400"
      },
      "message": "[PATCH] log ppid\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "e1396065e0489f98b35021b97907ab4edbfb24e1",
      "tree": "a276ea0a2ece9132d435adf1a1f82d0ada1ae938",
      "parents": [
        "473ae30bc7b1dda5c5791c773f95e9424ddfead9"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu May 25 10:19:47 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jun 20 05:25:21 2006 -0400"
      },
      "message": "[PATCH] collect sid of those who send signals to auditd\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "473ae30bc7b1dda5c5791c773f95e9424ddfead9",
      "tree": "541f6f20b9131fcfb650ca491e291d3c6b148a1b",
      "parents": [
        "9044e6bca5a4a575d3c068dfccb5651a2d6a13bc"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Apr 26 14:04:08 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jun 20 05:25:21 2006 -0400"
      },
      "message": "[PATCH] execve argument logging\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "2ad312d2093ae506ae0fa184d8d026b559083087",
      "tree": "890337ebca18ab31546b84a9831fb9c337e8e272",
      "parents": [
        "073115d6b29c7910feaa08241c6484637f5ca958"
      ],
      "author": {
        "name": "Steve Grubb",
        "email": "sgrubb@redhat.com",
        "time": "Tue Apr 11 08:50:56 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon May 01 06:10:07 2006 -0400"
      },
      "message": "[PATCH] Audit Filter Performance\n\nWhile testing the watch performance, I noticed that selinux_task_ctxid()\nwas creeping into the results more than it should. Investigation showed\nthat the function call was being called whether it was needed or not. The\nbelow patch fixes this.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "073115d6b29c7910feaa08241c6484637f5ca958",
      "tree": "5fd32da9f54b3c12b65d3c0142fb9bdf87dc01c3",
      "parents": [
        "ce29b682e228c70cdc91a1b2935c5adb2087bab8"
      ],
      "author": {
        "name": "Steve Grubb",
        "email": "sgrubb@redhat.com",
        "time": "Sun Apr 02 17:07:33 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon May 01 06:10:04 2006 -0400"
      },
      "message": "[PATCH] Rework of IPC auditing\n\n1) The audit_ipc_perms() function has been split into two different\nfunctions:\n        - audit_ipc_obj()\n        - audit_ipc_set_perm()\n\nThere\u0027s a key shift here...  The audit_ipc_obj() collects the uid, gid,\nmode, and SElinux context label of the current ipc object.  This\naudit_ipc_obj() hook is now found in several places.  Most notably, it\nis hooked in ipcperms(), which is called in various places around the\nipc code performing a MAC check.  Additionally there are several places\nwhere *checkid() is used to validate that an operation is being\nperformed on a valid object while not necessarily having a nearby\nipcperms() call.  In these locations, audit_ipc_obj() is called to\nensure that the information is captured by the audit system.\n\nThe audit_set_new_perm() function is called any time the permissions on\nthe ipc object changes.  In this case, the NEW permissions are recorded\n(and note that an audit_ipc_obj() call exists just a few lines before\neach instance).\n\n2) Support for an AUDIT_IPC_SET_PERM audit message type.  This allows\nfor separate auxiliary audit records for normal operations on an IPC\nobject and permissions changes.  Note that the same struct\naudit_aux_data_ipcctl is used and populated, however there are separate\naudit_log_format statements based on the type of the message.  Finally,\nthe AUDIT_IPC block of code in audit_free_aux() was extended to handle\naux messages of this new type.  No more mem leaks I hope ;-)\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "ce29b682e228c70cdc91a1b2935c5adb2087bab8",
      "tree": "39e3e5b345748bec1c2d21962407689cdb1b7dab",
      "parents": [
        "e7c3497013a7e5496ce3d5fd3c73b5cf5af7a56e"
      ],
      "author": {
        "name": "Steve Grubb",
        "email": "sgrubb@redhat.com",
        "time": "Sat Apr 01 18:29:34 2006 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon May 01 06:10:01 2006 -0400"
      },
      "message": "[PATCH] More user space subject labels\n\nHi,\n\nThe patch below builds upon the patch sent earlier and adds subject label to\nall audit events generated via the netlink interface. It also cleans up a few\nother minor things.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "9c7aa6aa74fa8a5cda36e54cbbe4fffe0214497d",
      "tree": "1e1489ed5080ea4aff6206bfa904f549de8e56ca",
      "parents": [
        "1b50eed9cac0e8e5e4d3a522d8aa267f7f8f8acb"
      ],
      "author": {
        "name": "Steve Grubb",
        "email": "sgrubb@redhat.com",
        "time": "Fri Mar 31 15:22:49 2006 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon May 01 06:09:56 2006 -0400"
      },
      "message": "[PATCH] change lspp ipc auditing\n\nHi,\n\nThe patch below converts IPC auditing to collect sid\u0027s and convert to context\nstring only if it needs to output an audit record. This patch depends on the\ninode audit change patch already being applied.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "1b50eed9cac0e8e5e4d3a522d8aa267f7f8f8acb",
      "tree": "c66a1c3be846e34f1aac5db640b7ccb8770e8a80",
      "parents": [
        "3dc7e3153eddfcf7ba8b50628775ba516e5f759f"
      ],
      "author": {
        "name": "Steve Grubb",
        "email": "sgrubb@redhat.com",
        "time": "Mon Apr 03 14:06:13 2006 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon May 01 06:09:53 2006 -0400"
      },
      "message": "[PATCH] audit inode patch\n\nPreviously, we were gathering the context instead of the sid. Now in this patch,\nwe gather just the sid and convert to context only if an audit event is being\noutput.\n\nThis patch brings the performance hit from 146% down to 23%\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "3dc7e3153eddfcf7ba8b50628775ba516e5f759f",
      "tree": "926957e904739fc6c29e5125b7c1635b9f77548c",
      "parents": [
        "376bd9cb357ec945ac893feaeb63af7370a6e70b"
      ],
      "author": {
        "name": "Darrel Goeddel",
        "email": "dgoeddel@trustedcs.com",
        "time": "Fri Mar 10 18:14:06 2006 -0600"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon May 01 06:09:36 2006 -0400"
      },
      "message": "[PATCH] support for context based audit filtering, part 2\n\nThis patch provides the ability to filter audit messages based on the\nelements of the process\u0027 SELinux context (user, role, type, mls sensitivity,\nand mls clearance).  It uses the new interfaces from selinux to opaquely\nstore information related to the selinux context and to filter based on that\ninformation.  It also uses the callback mechanism provided by selinux to\nrefresh the information when a new policy is loaded.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "97e94c453073a2aba4bb5e0825ddc5e923debf11",
      "tree": "9ed466c5252608302389f59d00c1e9e3eecd7303",
      "parents": [
        "5411be59db80333039386f3b1ccfe5eb9023a916"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Mar 29 20:26:24 2006 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon May 01 06:06:21 2006 -0400"
      },
      "message": "[PATCH] no need to wank with task_lock() and pinning task down in audit_syscall_exit()\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "5411be59db80333039386f3b1ccfe5eb9023a916",
      "tree": "77873af4b7557768c3c48b56e7ae4508be4a70a5",
      "parents": [
        "e495149b173d8e133e1f6f2eb86fd97be7e92010"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Mar 29 20:23:36 2006 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon May 01 06:06:18 2006 -0400"
      },
      "message": "[PATCH] drop task argument of audit_syscall_{entry,exit}\n\n... it\u0027s always current, and that\u0027s a good thing - allows simpler locking.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "e495149b173d8e133e1f6f2eb86fd97be7e92010",
      "tree": "387a11cc8a3e272df33bdb0f697ec434b9dfa3fa",
      "parents": [
        "fa84cb935d4ec601528f5e2f0d5d31e7876a5044"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Mar 29 20:17:10 2006 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon May 01 06:06:16 2006 -0400"
      },
      "message": "[PATCH] drop gfp_mask in audit_log_exit()\n\nnow we can do that - all callers are process-synchronous and do not hold\nany locks.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "fa84cb935d4ec601528f5e2f0d5d31e7876a5044",
      "tree": "ba0694902a1fec4e32ff15503fc316c24b4a4501",
      "parents": [
        "d6fe3945b42d09a1eca7ad180a1646e585b8594f"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Mar 29 20:30:19 2006 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon May 01 06:06:13 2006 -0400"
      },
      "message": "[PATCH] move call of audit_free() into do_exit()\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "45d9bb0e37668b7c64d1e49e98fbc4733c23b334",
      "tree": "29b518f84a4e9c4a295dfd92a24b5a5c42c032cc",
      "parents": [
        "e0a515bc6a2188f02916e976f419a8640312e32a"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Mar 29 20:02:55 2006 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon May 01 06:06:07 2006 -0400"
      },
      "message": "[PATCH] deal with deadlocks in audit_free()\n\nDon\u0027t assume that audit_log_exit() et al. are called for the context of\ncurrent; pass task explicitly.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "1b9a3917366028cc451a98dd22e3bcd537d4e5c1",
      "tree": "d911058720e0a9aeeaf9f407ccdc6fbf4047f47d",
      "parents": [
        "3661f00e2097676847deb01add1a0918044bd816",
        "71e1c784b24a026a490b3de01541fc5ee14ebc09"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Sat Mar 25 09:24:53 2006 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@g5.osdl.org",
        "time": "Sat Mar 25 09:24:53 2006 -0800"
      },
      "message": "Merge branch \u0027audit.b3\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current\n\n* \u0027audit.b3\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: (22 commits)\n  [PATCH] fix audit_init failure path\n  [PATCH] EXPORT_SYMBOL patch for audit_log, audit_log_start, audit_log_end and audit_format\n  [PATCH] sem2mutex: audit_netlink_sem\n  [PATCH] simplify audit_free() locking\n  [PATCH] Fix audit operators\n  [PATCH] promiscuous mode\n  [PATCH] Add tty to syscall audit records\n  [PATCH] add/remove rule update\n  [PATCH] audit string fields interface + consumer\n  [PATCH] SE Linux audit events\n  [PATCH] Minor cosmetic cleanups to the code moved into auditfilter.c\n  [PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALL\n  [PATCH] Fix IA64 success/failure indication in syscall auditing.\n  [PATCH] Miscellaneous bug and warning fixes\n  [PATCH] Capture selinux subject/object context information.\n  [PATCH] Exclude messages by message type\n  [PATCH] Collect more inode information during syscall processing.\n  [PATCH] Pass dentry, not just name, in fsnotify creation hooks.\n  [PATCH] Define new range of userspace messages.\n  [PATCH] Filter rule comparators\n  ...\n\nFixed trivial conflict in security/selinux/hooks.c\n"
    },
    {
      "commit": "4023e020807ea249ae83f0d1d851b4c7cf0afd8a",
      "tree": "3bc91756c9429bd89c2ebb47108ed772dd29c4cf",
      "parents": [
        "d9d9ec6e2c45b22282cd36cf92fcb23d504350a8"
      ],
      "author": {
        "name": "Ingo Molnar",
        "email": "mingo@elte.hu",
        "time": "Tue Mar 07 23:51:39 2006 -0800"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Mar 20 14:08:55 2006 -0500"
      },
      "message": "[PATCH] simplify audit_free() locking\n\nSimplify audit_free()\u0027s locking: no need to lock a task that we are tearing\ndown.  [the extra locking also caused false positives in the lock\nvalidator]\n\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "a6c043a887a9db32a545539426ddfc8cc2c28f8f",
      "tree": "61269890edbf13a5bb2ae41eb4aba9353a2382b8",
      "parents": [
        "5d3301088f7e412992d9e61cc3604cbdff3090ff"
      ],
      "author": {
        "name": "Steve Grubb",
        "email": "sgrubb@redhat.com",
        "time": "Sun Jan 01 14:07:00 2006 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Mar 20 14:08:55 2006 -0500"
      },
      "message": "[PATCH] Add tty to syscall audit records\n\nHi,\n\n\u003eFrom the RBAC specs:\n\nFAU_SAR.1.1 The TSF shall provide the set of authorized\nRBAC administrators with the capability to read the following\naudit information from the audit records:\n\n\u003csnip\u003e\n(e) The User Session Identifier or Terminal Type\n\nA patch adding the tty for all syscalls is included in this email.\nPlease apply.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "93315ed6dd12dacfc941f9eb8ca0293aadf99793",
      "tree": "4fc070c92a1de21d3befe4ce48c733c65d044bb3",
      "parents": [
        "af601e4623d0303bfafa54ec728b7ae8493a8e1b"
      ],
      "author": {
        "name": "Amy Griffis",
        "email": "amy.griffis@hp.com",
        "time": "Tue Feb 07 12:05:27 2006 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Mar 20 14:08:54 2006 -0500"
      },
      "message": "[PATCH] audit string fields interface + consumer\n\nUpdated patch to dynamically allocate audit rule fields in kernel\u0027s\ninternal representation.  Added unlikely() calls for testing memory\nallocation result.\n\nAmy Griffis wrote:     [Wed Jan 11 2006, 02:02:31PM EST]\n\u003e Modify audit\u0027s kernel-userspace interface to allow the specification\n\u003e of string fields in audit rules.\n\u003e\n\u003e Signed-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n(cherry picked from 5ffc4a863f92351b720fe3e9c5cd647accff9e03 commit)\n"
    },
    {
      "commit": "fe7752bab26a9ac0651b695ad4f55659761f68f7",
      "tree": "b2e516a52232c978fc824b226418d8a28460b8a8",
      "parents": [
        "ee436dc46a762f430e37952d375a23d87735f73f"
      ],
      "author": {
        "name": "David Woodhouse",
        "email": "dwmw2@infradead.org",
        "time": "Thu Dec 15 18:33:52 2005 +0000"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Mar 20 14:08:54 2006 -0500"
      },
      "message": "[PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALL\n\nThis fixes the per-user and per-message-type filtering when syscall\nauditing isn\u0027t enabled.\n\n[AV: folded followup fix from the same author]\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "7306a0b9b3e2056a616c84841288ca2431a05627",
      "tree": "d3f61ef43c7079790d6b8ef9bf307689a7d9ea16",
      "parents": [
        "8c8570fb8feef2bc166bee75a85748b25cda22d9"
      ],
      "author": {
        "name": "Dustin Kirkland",
        "email": "dustin.kirkland@us.ibm.com",
        "time": "Wed Nov 16 15:53:13 2005 +0000"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Mar 20 14:08:54 2006 -0500"
      },
      "message": "[PATCH] Miscellaneous bug and warning fixes\n\nThis patch fixes a couple of bugs revealed in new features recently\nadded to -mm1:\n* fixes warnings due to inconsistent use of const struct inode *inode\n* fixes bug that prevents a kernel from booting with audit on, and SELinux off\n  due to a missing function in security/dummy.c\n* fixes a bug that throws spurious audit_panic() messages due to a missing\n  return just before an error_path label\n* some reasonable house cleaning in audit_ipc_context(),\n  audit_inode_context(), and audit_log_task_context()\n\nSigned-off-by: Dustin Kirkland \u003cdustin.kirkland@us.ibm.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n"
    }
  ],
  "next": "8c8570fb8feef2bc166bee75a85748b25cda22d9"
}
