)]}' { "log": [ { "commit": "9d9609851003ebed15957f0f2ce18492739ee124", "tree": "2c116865d2f239b5596b22a3a79eecc82f5e1299", "parents": [ "35fe4d0b1b12286a81938e9c5fdfaf639ac0ce5b" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jun 11 14:31:37 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jun 24 00:00:52 2009 -0400" }, "message": "Audit: clean up all op\u003d output to include string quoting\n\nA number of places in the audit system we send an op\u003d followed by a string\nthat includes spaces. Somehow this works but it\u0027s just wrong. This patch\nmoves all of those that I could find to be quoted.\n\nExample:\n\nChange From: type\u003dCONFIG_CHANGE msg\u003daudit(1244666690.117:31): auid\u003d0 ses\u003d1\nsubj\u003dunconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op\u003dremove rule\nkey\u003d\"number2\" list\u003d4 res\u003d0\n\nChange To: type\u003dCONFIG_CHANGE msg\u003daudit(1244666690.117:31): auid\u003d0 ses\u003d1\nsubj\u003dunconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op\u003d\"remove rule\"\nkey\u003d\"number2\" list\u003d4 res\u003d0\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "523979adfa0b79d4e3aa053220c37a9233294206", "tree": "15ff42f935f9d443220edb118f3980432f924360", "parents": [ "ed850a52af971528b048812c4215cef298af0d3b" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Feb 11 11:12:28 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Feb 12 09:40:14 2009 +1100" }, "message": "integrity: audit update\n\nBased on discussions on linux-audit, as per Steve Grubb\u0027s request\nhttp://lkml.org/lkml/2009/2/6/269, the following changes were made:\n- forced audit result to be either 0 or 1.\n- made template names const\n- Added new stand-alone message type: AUDIT_INTEGRITY_RULE\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "cb5629b10d64a8006622ce3a52bc887d91057d69", "tree": "7c06d8f30783115e3384721046258ce615b129c5", "parents": [ "8920d5ad6ba74ae8ab020e90cc4d976980e68701", "f01d1d546abb2f4028b5299092f529eefb01253a" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Feb 06 11:01:45 2009 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Feb 06 11:01:45 2009 +1100" }, "message": "Merge branch \u0027master\u0027 into next\n\nConflicts:\n\tfs/namei.c\n\nManually merged per:\n\ndiff --cc fs/namei.c\nindex 734f2b5,bbc15c2..0000000\n--- a/fs/namei.c\n+++ b/fs/namei.c\n@@@ -860,9 -848,8 +849,10 @@@ static int __link_path_walk(const char\n \t\tnd-\u003eflags |\u003d LOOKUP_CONTINUE;\n \t\terr \u003d exec_permission_lite(inode);\n \t\tif (err \u003d\u003d -EAGAIN)\n- \t\t\terr \u003d vfs_permission(nd, MAY_EXEC);\n+ \t\t\terr \u003d inode_permission(nd-\u003epath.dentry-\u003ed_inode,\n+ \t\t\t\t\t MAY_EXEC);\n +\t\tif (!err)\n +\t\t\terr \u003d ima_path_check(\u0026nd-\u003epath, MAY_EXEC);\n \t\tif (err)\n \t\t\tbreak;\n\n@@@ -1525,14 -1506,9 +1509,14 @@@ int may_open(struct path *path, int acc\n \t\tflag \u0026\u003d ~O_TRUNC;\n \t}\n\n- \terror \u003d vfs_permission(nd, acc_mode);\n+ \terror \u003d inode_permission(inode, acc_mode);\n \tif (error)\n \t\treturn error;\n +\n- \terror \u003d ima_path_check(\u0026nd-\u003epath,\n++\terror \u003d ima_path_check(path,\n +\t\t\t acc_mode \u0026 (MAY_READ | MAY_WRITE | MAY_EXEC));\n +\tif (error)\n +\t\treturn error;\n \t/*\n \t * An append-only file must be opened in append mode for writing.\n \t */\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3323eec921efd815178a23107ab63588c605c0b2", "tree": "bc9e9714ac4881ebc515c1bd155674c52c356d6a", "parents": [ "6146f0d5e47ca4047ffded0fb79b6c25359b386c" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Wed Feb 04 09:06:58 2009 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Feb 06 09:05:30 2009 +1100" }, "message": "integrity: IMA as an integrity service provider\n\nIMA provides hardware (TPM) based measurement and attestation for\nfile measurements. As the Trusted Computing (TPM) model requires,\nIMA measures all files before they are accessed in any way (on the\nintegrity_bprm_check, integrity_path_check and integrity_file_mmap\nhooks), and commits the measurements to the TPM. Once added to the\nTPM, measurements can not be removed.\n\nIn addition, IMA maintains a list of these file measurements, which\ncan be used to validate the aggregate value stored in the TPM. The\nTPM can sign these measurements, and thus the system can prove, to\nitself and to a third party, the system\u0027s integrity in a way that\ncannot be circumvented by malicious or compromised software.\n\n- alloc ima_template_entry before calling ima_store_template()\n- log ima_add_boot_aggregate() failure\n- removed unused IMA_TEMPLATE_NAME_LEN\n- replaced hard coded string length with #define name\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5af75d8d58d0f9f7b7c0515b35786b22892d5f12", "tree": "65707c5309133a33140c39145ae91b7c1679a877", "parents": [ "36c4f1b18c8a7d0adb4085e7f531860b837bb6b0" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Dec 16 05:59:26 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:42 2009 -0500" }, "message": "audit: validate comparison operations, store them in sane form\n\nDon\u0027t store the field-\u003eop in the messy (and very inconvenient for e.g.\naudit_comparator()) form; translate to dense set of values and do full\nvalidation of userland-submitted value while we are at it.\n\n-\u003eaudit_init_rule() and -\u003eaudit_match_rule() get new values now; in-tree\ninstances updated.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "e45aa212ea81d39b38ba158df344dc3a500153e5", "tree": "c4d55cda9e8f976d15b6b01a775a3437f932db27", "parents": [ "0590b9335a1c72a3f0defcc6231287f7817e07c8" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Dec 15 01:17:50 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:42 2009 -0500" }, "message": "audit rules ordering, part 2\n\nFix the actual rule listing; add per-type lists _not_ used for matching,\nwith all exit,... sitting on one such list. Simplifies \"do something\nfor all rules\" logics, while we are at it...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "0590b9335a1c72a3f0defcc6231287f7817e07c8", "tree": "289fa4668ae304f79f7484ac31b2cab0ab8894c1", "parents": [ "1a9d0797b8977d413435277bf9661efbbd584693" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Dec 14 23:45:27 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:41 2009 -0500" }, "message": "fixing audit rule ordering mess, part 1\n\nProblem: ordering between the rules on exit chain is currently lost;\nall watch and inode rules are listed after everything else _and_\nexit,never on one kind doesn\u0027t stop exit,always on another from\nbeing matched.\n\nSolution: assign priorities to rules, keep track of the current\nhighest-priority matching rule and its result (always/never).\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "57f71a0af4244d9ba3c0bce74b1d2e66e8d520bd", "tree": "c089a97949fc1d459e137b18739c04e9217913d1", "parents": [ "157cf649a735a2f7e8dba0ed08e6e38b6c30d886" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 14:52:57 2009 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:41 2009 -0500" }, "message": "sanitize audit_log_capset()\n\n* no allocations\n* return void\n* don\u0027t duplicate checked for dummy context\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "157cf649a735a2f7e8dba0ed08e6e38b6c30d886", "tree": "85895367c24023d363d5ee7b5ed2fb16eaf08721", "parents": [ "564f6993ffef656aebaf46cf2f1f6cb4f5c97207" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Dec 14 04:57:47 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:41 2009 -0500" }, "message": "sanitize audit_fd_pair()\n\n* no allocations\n* return void\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "564f6993ffef656aebaf46cf2f1f6cb4f5c97207", "tree": "0bf1ee553ab1241338fe522ffbaed8cd48e10c99", "parents": [ "c32c8af43b9adde8d6f938d8e6328c13b8de79ac" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Dec 14 04:02:26 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:41 2009 -0500" }, "message": "sanitize audit_mq_open()\n\n* don\u0027t bother with allocations\n* don\u0027t do double copy_from_user()\n* don\u0027t duplicate parts of check for audit_dummy_context()\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "c32c8af43b9adde8d6f938d8e6328c13b8de79ac", "tree": "6377079bba7530d2aa8a688ebf9ba3e09ae085a7", "parents": [ "20114f71b27cafeb7c7e41d2b0f0b68c3fbb022b" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Dec 14 03:46:48 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:40 2009 -0500" }, "message": "sanitize AUDIT_MQ_SENDRECV\n\n* logging the original value of *msg_prio in mq_timedreceive(2)\n is insane - the argument is write-only (i.e. syscall always\n ignores the original value and only overwrites it).\n* merge __audit_mq_timed{send,receive}\n* don\u0027t do copy_from_user() twice\n* don\u0027t mess with allocations in auditsc part\n* ... and don\u0027t bother checking !audit_enabled and !context in there -\n we\u0027d already checked for audit_dummy_context().\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "20114f71b27cafeb7c7e41d2b0f0b68c3fbb022b", "tree": "fcbb481cfec8c11f103ba07dbb08819de3822d80", "parents": [ "7392906ea915b9a2c14dea32b3604b4e178f82f7" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Dec 10 07:16:12 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:40 2009 -0500" }, "message": "sanitize audit_mq_notify()\n\n* don\u0027t copy_from_user() twice\n* don\u0027t bother with allocations\n* don\u0027t duplicate parts of audit_dummy_context()\n* make it return void\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "7392906ea915b9a2c14dea32b3604b4e178f82f7", "tree": "1e4fbe56e3738fade213ef805ec274ea74ac6a1b", "parents": [ "e816f370cbadd2afea9f1a42f232d0636137d563" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Dec 10 06:58:59 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:40 2009 -0500" }, "message": "sanitize audit_mq_getsetattr()\n\n* get rid of allocations\n* make it return void\n* don\u0027t duplicate parts of audit_dummy_context()\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "e816f370cbadd2afea9f1a42f232d0636137d563", "tree": "8a9fe488ced59cd9864fcbf15292641c3b95143c", "parents": [ "a33e6751003c5ade603737d828b1519d980ce392" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Dec 10 03:47:15 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:40 2009 -0500" }, "message": "sanitize audit_ipc_set_perm()\n\n* get rid of allocations\n* make it return void\n* simplify callers\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "a33e6751003c5ade603737d828b1519d980ce392", "tree": "aa484d033e886945aed78172dbdd4d2fd928bacf", "parents": [ "f3298dc4f2277874d40cb4fc3a6e277317d6603b" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Dec 10 03:40:06 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:39 2009 -0500" }, "message": "sanitize audit_ipc_obj()\n\n* get rid of allocations\n* make it return void\n* simplify callers\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "f3298dc4f2277874d40cb4fc3a6e277317d6603b", "tree": "8ba8f7e7a0597965b2f6c7106718a59cc164eab1", "parents": [ "4f6b434fee2402b3decdeae9d16eb648725ae426" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Dec 10 03:16:51 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:39 2009 -0500" }, "message": "sanitize audit_socketcall\n\n* don\u0027t bother with allocations\n* now that it can\u0027t fail, make it return void\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "cbacc2c7f066a1e01b33b0e27ae5efbf534bc2db", "tree": "90d1093131d2a3543a8b3b1f3364e7c6f4081a93", "parents": [ "4a6908a3a050aacc9c3a2f36b276b46c0629ad91", "74192246910ff4fb95309ba1a683215644beeb62" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Dec 25 11:40:09 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Dec 25 11:40:09 2008 +1100" }, "message": "Merge branch \u0027next\u0027 into for-linus\n" }, { "commit": "48887e63d6e057543067327da6b091297f7fe645", "tree": "f290af5a887bcf840a63043eb2df3a4c02ccaea3", "parents": [ "7f0ed77d241b60f70136f15b8eef30a3de1fa249" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Dec 06 01:05:50 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Dec 09 02:27:41 2008 -0500" }, "message": "[PATCH] fix broken timestamps in AVC generated by kernel threads\n\nTimestamp in audit_context is valid only if -\u003ein_syscall is set.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "a64e64944f4b8ce3288519555dbaa0232414b8ac", "tree": "6b37f5444c49379580b6b4fead84a75ca474d0ab", "parents": [ "a3f07114e3359fb98683069ae397220e8992a24a" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Nov 12 18:37:41 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Dec 09 02:27:38 2008 -0500" }, "message": "[PATCH] return records for fork() both to child and parent\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "a6f76f23d297f70e2a6b3ec607f7aeeea9e37e8d", "tree": "8f95617996d0974507f176163459212a7def8b9a", "parents": [ "d84f4f992cbd76e8f39c488cf0c5d123843923b1" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Nov 14 10:39:24 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 14 10:39:24 2008 +1100" }, "message": "CRED: Make execve() take advantage of copy-on-write credentials\n\nMake execve() take advantage of copy-on-write credentials, allowing it to set\nup the credentials in advance, and then commit the whole lot after the point\nof no return.\n\nThis patch and the preceding patches have been tested with the LTP SELinux\ntestsuite.\n\nThis patch makes several logical sets of alteration:\n\n (1) execve().\n\n The credential bits from struct linux_binprm are, for the most part,\n replaced with a single credentials pointer (bprm-\u003ecred). This means that\n all the creds can be calculated in advance and then applied at the point\n of no return with no possibility of failure.\n\n I would like to replace bprm-\u003ecap_effective with:\n\n\tcap_isclear(bprm-\u003ecap_effective)\n\n but this seems impossible due to special behaviour for processes of pid 1\n (they always retain their parent\u0027s capability masks where normally they\u0027d\n be changed - see cap_bprm_set_creds()).\n\n The following sequence of events now happens:\n\n (a) At the start of do_execve, the current task\u0027s cred_exec_mutex is\n \t locked to prevent PTRACE_ATTACH from obsoleting the calculation of\n \t creds that we make.\n\n (a) prepare_exec_creds() is then called to make a copy of the current\n \t task\u0027s credentials and prepare it. This copy is then assigned to\n \t bprm-\u003ecred.\n\n \t This renders security_bprm_alloc() and security_bprm_free()\n \t unnecessary, and so they\u0027ve been removed.\n\n (b) The determination of unsafe execution is now performed immediately\n \t after (a) rather than later on in the code. The result is stored in\n \t bprm-\u003eunsafe for future reference.\n\n (c) prepare_binprm() is called, possibly multiple times.\n\n \t (i) This applies the result of set[ug]id binaries to the new creds\n \t attached to bprm-\u003ecred. Personality bit clearance is recorded,\n \t but now deferred on the basis that the exec procedure may yet\n \t fail.\n\n (ii) This then calls the new security_bprm_set_creds(). This should\n\t calculate the new LSM and capability credentials into *bprm-\u003ecred.\n\n\t This folds together security_bprm_set() and parts of\n\t security_bprm_apply_creds() (these two have been removed).\n\t Anything that might fail must be done at this point.\n\n (iii) bprm-\u003ecred_prepared is set to 1.\n\n\t bprm-\u003ecred_prepared is 0 on the first pass of the security\n\t calculations, and 1 on all subsequent passes. This allows SELinux\n\t in (ii) to base its calculations only on the initial script and\n\t not on the interpreter.\n\n (d) flush_old_exec() is called to commit the task to execution. This\n \t performs the following steps with regard to credentials:\n\n\t (i) Clear pdeath_signal and set dumpable on certain circumstances that\n\t may not be covered by commit_creds().\n\n (ii) Clear any bits in current-\u003epersonality that were deferred from\n (c.i).\n\n (e) install_exec_creds() [compute_creds() as was] is called to install the\n \t new credentials. This performs the following steps with regard to\n \t credentials:\n\n (i) Calls security_bprm_committing_creds() to apply any security\n requirements, such as flushing unauthorised files in SELinux, that\n must be done before the credentials are changed.\n\n\t This is made up of bits of security_bprm_apply_creds() and\n\t security_bprm_post_apply_creds(), both of which have been removed.\n\t This function is not allowed to fail; anything that might fail\n\t must have been done in (c.ii).\n\n (ii) Calls commit_creds() to apply the new credentials in a single\n assignment (more or less). Possibly pdeath_signal and dumpable\n should be part of struct creds.\n\n\t (iii) Unlocks the task\u0027s cred_replace_mutex, thus allowing\n\t PTRACE_ATTACH to take place.\n\n (iv) Clears The bprm-\u003ecred pointer as the credentials it was holding\n are now immutable.\n\n (v) Calls security_bprm_committed_creds() to apply any security\n alterations that must be done after the creds have been changed.\n SELinux uses this to flush signals and signal handlers.\n\n (f) If an error occurs before (d.i), bprm_free() will call abort_creds()\n \t to destroy the proposed new credentials and will then unlock\n \t cred_replace_mutex. No changes to the credentials will have been\n \t made.\n\n (2) LSM interface.\n\n A number of functions have been changed, added or removed:\n\n (*) security_bprm_alloc(), -\u003ebprm_alloc_security()\n (*) security_bprm_free(), -\u003ebprm_free_security()\n\n \t Removed in favour of preparing new credentials and modifying those.\n\n (*) security_bprm_apply_creds(), -\u003ebprm_apply_creds()\n (*) security_bprm_post_apply_creds(), -\u003ebprm_post_apply_creds()\n\n \t Removed; split between security_bprm_set_creds(),\n \t security_bprm_committing_creds() and security_bprm_committed_creds().\n\n (*) security_bprm_set(), -\u003ebprm_set_security()\n\n \t Removed; folded into security_bprm_set_creds().\n\n (*) security_bprm_set_creds(), -\u003ebprm_set_creds()\n\n \t New. The new credentials in bprm-\u003ecreds should be checked and set up\n \t as appropriate. bprm-\u003ecred_prepared is 0 on the first call, 1 on the\n \t second and subsequent calls.\n\n (*) security_bprm_committing_creds(), -\u003ebprm_committing_creds()\n (*) security_bprm_committed_creds(), -\u003ebprm_committed_creds()\n\n \t New. Apply the security effects of the new credentials. This\n \t includes closing unauthorised files in SELinux. This function may not\n \t fail. When the former is called, the creds haven\u0027t yet been applied\n \t to the process; when the latter is called, they have.\n\n \t The former may access bprm-\u003ecred, the latter may not.\n\n (3) SELinux.\n\n SELinux has a number of changes, in addition to those to support the LSM\n interface changes mentioned above:\n\n (a) The bprm_security_struct struct has been removed in favour of using\n \t the credentials-under-construction approach.\n\n (c) flush_unauthorized_files() now takes a cred pointer and passes it on\n \t to inode_has_perm(), file_has_perm() and dentry_open().\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d84f4f992cbd76e8f39c488cf0c5d123843923b1", "tree": "fc4a0349c42995715b93d0f7a3c78e9ea9b3f36e", "parents": [ "745ca2475a6ac596e3d8d37c2759c0fbe2586227" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Nov 14 10:39:23 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 14 10:39:23 2008 +1100" }, "message": "CRED: Inaugurate COW credentials\n\nInaugurate copy-on-write credentials management. This uses RCU to manage the\ncredentials pointer in the task_struct with respect to accesses by other tasks.\nA process may only modify its own credentials, and so does not need locking to\naccess or modify its own credentials.\n\nA mutex (cred_replace_mutex) is added to the task_struct to control the effect\nof PTRACE_ATTACHED on credential calculations, particularly with respect to\nexecve().\n\nWith this patch, the contents of an active credentials struct may not be\nchanged directly; rather a new set of credentials must be prepared, modified\nand committed using something like the following sequence of events:\n\n\tstruct cred *new \u003d prepare_creds();\n\tint ret \u003d blah(new);\n\tif (ret \u003c 0) {\n\t\tabort_creds(new);\n\t\treturn ret;\n\t}\n\treturn commit_creds(new);\n\nThere are some exceptions to this rule: the keyrings pointed to by the active\ncredentials may be instantiated - keyrings violate the COW rule as managing\nCOW keyrings is tricky, given that it is possible for a task to directly alter\nthe keys in a keyring in use by another task.\n\nTo help enforce this, various pointers to sets of credentials, such as those in\nthe task_struct, are declared const. The purpose of this is compile-time\ndiscouragement of altering credentials through those pointers. Once a set of\ncredentials has been made public through one of these pointers, it may not be\nmodified, except under special circumstances:\n\n (1) Its reference count may incremented and decremented.\n\n (2) The keyrings to which it points may be modified, but not replaced.\n\nThe only safe way to modify anything else is to create a replacement and commit\nusing the functions described in Documentation/credentials.txt (which will be\nadded by a later patch).\n\nThis patch and the preceding patches have been tested with the LTP SELinux\ntestsuite.\n\nThis patch makes several logical sets of alteration:\n\n (1) execve().\n\n This now prepares and commits credentials in various places in the\n security code rather than altering the current creds directly.\n\n (2) Temporary credential overrides.\n\n do_coredump() and sys_faccessat() now prepare their own credentials and\n temporarily override the ones currently on the acting thread, whilst\n preventing interference from other threads by holding cred_replace_mutex\n on the thread being dumped.\n\n This will be replaced in a future patch by something that hands down the\n credentials directly to the functions being called, rather than altering\n the task\u0027s objective credentials.\n\n (3) LSM interface.\n\n A number of functions have been changed, added or removed:\n\n (*) security_capset_check(), -\u003ecapset_check()\n (*) security_capset_set(), -\u003ecapset_set()\n\n \t Removed in favour of security_capset().\n\n (*) security_capset(), -\u003ecapset()\n\n \t New. This is passed a pointer to the new creds, a pointer to the old\n \t creds and the proposed capability sets. It should fill in the new\n \t creds or return an error. All pointers, barring the pointer to the\n \t new creds, are now const.\n\n (*) security_bprm_apply_creds(), -\u003ebprm_apply_creds()\n\n \t Changed; now returns a value, which will cause the process to be\n \t killed if it\u0027s an error.\n\n (*) security_task_alloc(), -\u003etask_alloc_security()\n\n \t Removed in favour of security_prepare_creds().\n\n (*) security_cred_free(), -\u003ecred_free()\n\n \t New. Free security data attached to cred-\u003esecurity.\n\n (*) security_prepare_creds(), -\u003ecred_prepare()\n\n \t New. Duplicate any security data attached to cred-\u003esecurity.\n\n (*) security_commit_creds(), -\u003ecred_commit()\n\n \t New. Apply any security effects for the upcoming installation of new\n \t security by commit_creds().\n\n (*) security_task_post_setuid(), -\u003etask_post_setuid()\n\n \t Removed in favour of security_task_fix_setuid().\n\n (*) security_task_fix_setuid(), -\u003etask_fix_setuid()\n\n \t Fix up the proposed new credentials for setuid(). This is used by\n \t cap_set_fix_setuid() to implicitly adjust capabilities in line with\n \t setuid() changes. Changes are made to the new credentials, rather\n \t than the task itself as in security_task_post_setuid().\n\n (*) security_task_reparent_to_init(), -\u003etask_reparent_to_init()\n\n \t Removed. Instead the task being reparented to init is referred\n \t directly to init\u0027s credentials.\n\n\t NOTE! This results in the loss of some state: SELinux\u0027s osid no\n\t longer records the sid of the thread that forked it.\n\n (*) security_key_alloc(), -\u003ekey_alloc()\n (*) security_key_permission(), -\u003ekey_permission()\n\n \t Changed. These now take cred pointers rather than task pointers to\n \t refer to the security context.\n\n (4) sys_capset().\n\n This has been simplified and uses less locking. The LSM functions it\n calls have been merged.\n\n (5) reparent_to_kthreadd().\n\n This gives the current thread the same credentials as init by simply using\n commit_thread() to point that way.\n\n (6) __sigqueue_alloc() and switch_uid()\n\n __sigqueue_alloc() can\u0027t stop the target task from changing its creds\n beneath it, so this function gets a reference to the currently applicable\n user_struct which it then passes into the sigqueue struct it returns if\n successful.\n\n switch_uid() is now called from commit_creds(), and possibly should be\n folded into that. commit_creds() should take care of protecting\n __sigqueue_alloc().\n\n (7) [sg]et[ug]id() and co and [sg]et_current_groups.\n\n The set functions now all use prepare_creds(), commit_creds() and\n abort_creds() to build and check a new set of credentials before applying\n it.\n\n security_task_set[ug]id() is called inside the prepared section. This\n guarantees that nothing else will affect the creds until we\u0027ve finished.\n\n The calling of set_dumpable() has been moved into commit_creds().\n\n Much of the functionality of set_user() has been moved into\n commit_creds().\n\n The get functions all simply access the data directly.\n\n (8) security_task_prctl() and cap_task_prctl().\n\n security_task_prctl() has been modified to return -ENOSYS if it doesn\u0027t\n want to handle a function, or otherwise return the return value directly\n rather than through an argument.\n\n Additionally, cap_task_prctl() now prepares a new set of credentials, even\n if it doesn\u0027t end up using it.\n\n (9) Keyrings.\n\n A number of changes have been made to the keyrings code:\n\n (a) switch_uid_keyring(), copy_keys(), exit_keys() and suid_keys() have\n \t all been dropped and built in to the credentials functions directly.\n \t They may want separating out again later.\n\n (b) key_alloc() and search_process_keyrings() now take a cred pointer\n \t rather than a task pointer to specify the security context.\n\n (c) copy_creds() gives a new thread within the same thread group a new\n \t thread keyring if its parent had one, otherwise it discards the thread\n \t keyring.\n\n (d) The authorisation key now points directly to the credentials to extend\n \t the search into rather pointing to the task that carries them.\n\n (e) Installing thread, process or session keyrings causes a new set of\n \t credentials to be created, even though it\u0027s not strictly necessary for\n \t process or session keyrings (they\u0027re shared).\n\n(10) Usermode helper.\n\n The usermode helper code now carries a cred struct pointer in its\n subprocess_info struct instead of a new session keyring pointer. This set\n of credentials is derived from init_cred and installed on the new process\n after it has been cloned.\n\n call_usermodehelper_setup() allocates the new credentials and\n call_usermodehelper_freeinfo() discards them if they haven\u0027t been used. A\n special cred function (prepare_usermodeinfo_creds()) is provided\n specifically for call_usermodehelper_setup() to call.\n\n call_usermodehelper_setkeys() adjusts the credentials to sport the\n supplied keyring as the new session keyring.\n\n(11) SELinux.\n\n SELinux has a number of changes, in addition to those to support the LSM\n interface changes mentioned above:\n\n (a) selinux_setprocattr() no longer does its check for whether the\n \t current ptracer can access processes with the new SID inside the lock\n \t that covers getting the ptracer\u0027s SID. Whilst this lock ensures that\n \t the check is done with the ptracer pinned, the result is only valid\n \t until the lock is released, so there\u0027s no point doing it inside the\n \t lock.\n\n(12) is_single_threaded().\n\n This function has been extracted from selinux_setprocattr() and put into\n a file of its own in the lib/ directory as join_session_keyring() now\n wants to use it too.\n\n The code in SELinux just checked to see whether a task shared mm_structs\n with other tasks (CLONE_VM), but that isn\u0027t good enough. We really want\n to know if they\u0027re part of the same thread group (CLONE_THREAD).\n\n(13) nfsd.\n\n The NFS server daemon now has to use the COW credentials to set the\n credentials it is going to use. It really needs to pass the credentials\n down to the functions it calls, but it can\u0027t do that until other patches\n in this series have been applied.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e68b75a027bb94066576139ee33676264f867b87", "tree": "2c31f59a4abe9d7bb3cb75fdf3b57772feeeb6f6", "parents": [ "3fc689e96c0c90b6fede5946d6c31075e9464f69" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 11 21:48:22 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Nov 11 21:48:22 2008 +1100" }, "message": "When the capset syscall is used it is not possible for audit to record the\nactual capbilities being added/removed. This patch adds a new record type\nwhich emits the target pid and the eff, inh, and perm cap sets.\n\nexample output if you audit capset syscalls would be:\n\ntype\u003dSYSCALL msg\u003daudit(1225743140.465:76): arch\u003dc000003e syscall\u003d126 success\u003dyes exit\u003d0 a0\u003d17f2014 a1\u003d17f201c a2\u003d80000000 a3\u003d7fff2ab7f060 items\u003d0 ppid\u003d2160 pid\u003d2223 auid\u003d0 uid\u003d0 gid\u003d0 euid\u003d0 suid\u003d0 fsuid\u003d0 egid\u003d0 sgid\u003d0 fsgid\u003d0 tty\u003dpts0 ses\u003d1 comm\u003d\"setcap\" exe\u003d\"/usr/sbin/setcap\" subj\u003dunconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key\u003d(null)\ntype\u003dUNKNOWN[1322] msg\u003daudit(1225743140.465:76): pid\u003d0 cap_pi\u003dffffffffffffffff cap_pp\u003dffffffffffffffff cap_pe\u003dffffffffffffffff\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3fc689e96c0c90b6fede5946d6c31075e9464f69", "tree": "5e59b6c607eb595ababa74bad18787cfa49b16e9", "parents": [ "851f7ff56d9c21272f289dd85fb3f1b6cf7a6e10" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 11 21:48:18 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Nov 11 21:48:18 2008 +1100" }, "message": "Any time fcaps or a setuid app under SECURE_NOROOT is used to result in a\nnon-zero pE we will crate a new audit record which contains the entire set\nof known information about the executable in question, fP, fI, fE, fversion\nand includes the process\u0027s pE, pI, pP. Before and after the bprm capability\nare applied. This record type will only be emitted from execve syscalls.\n\nan example of making ping use fcaps instead of setuid:\n\nsetcap \"cat_net_raw+pe\" /bin/ping\n\ntype\u003dSYSCALL msg\u003daudit(1225742021.015:236): arch\u003dc000003e syscall\u003d59 success\u003dyes exit\u003d0 a0\u003d1457f30 a1\u003d14606b0 a2\u003d1463940 a3\u003d321b770a70 items\u003d2 ppid\u003d2929 pid\u003d2963 auid\u003d0 uid\u003d500 gid\u003d500 euid\u003d500 suid\u003d500 fsuid\u003d500 egid\u003d500 sgid\u003d500 fsgid\u003d500 tty\u003dpts0 ses\u003d3 comm\u003d\"ping\" exe\u003d\"/bin/ping\" subj\u003dunconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key\u003d(null)\ntype\u003dUNKNOWN[1321] msg\u003daudit(1225742021.015:236): fver\u003d2 fp\u003d0000000000002000 fi\u003d0000000000000000 fe\u003d1 old_pp\u003d0000000000000000 old_pi\u003d0000000000000000 old_pe\u003d0000000000000000 new_pp\u003d0000000000002000 new_pi\u003d0000000000000000 new_pe\u003d0000000000002000\ntype\u003dEXECVE msg\u003daudit(1225742021.015:236): argc\u003d2 a0\u003d\"ping\" a1\u003d\"127.0.0.1\"\ntype\u003dCWD msg\u003daudit(1225742021.015:236): cwd\u003d\"/home/test\"\ntype\u003dPATH msg\u003daudit(1225742021.015:236): item\u003d0 name\u003d\"/bin/ping\" inode\u003d49256 dev\u003dfd:00 mode\u003d0100755 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003dsystem_u:object_r:ping_exec_t:s0 cap_fp\u003d0000000000002000 cap_fe\u003d1 cap_fver\u003d2\ntype\u003dPATH msg\u003daudit(1225742021.015:236): item\u003d1 name\u003d(null) inode\u003d507915 dev\u003dfd:00 mode\u003d0100755 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003dsystem_u:object_r:ld_so_t:s0\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "f606ddf42fd4edc558eeb48bfee66d2c591571d2", "tree": "193f00db121201255b2629fce43b99a53c4ec735", "parents": [ "99764fa4ceeecba8b9e0a8a5565b418a2e94f83b" ], "author": { "name": "Adrian Bunk", "email": "bunk@kernel.org", "time": "Wed Jul 23 21:28:50 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Jul 24 10:47:24 2008 -0700" }, "message": "remove the v850 port\n\nTrying to compile the v850 port brings many compile errors, one of them exists\nsince at least kernel 2.6.19.\n\nThere also seems to be noone willing to bring this port back into a usable\nstate.\n\nThis patch therefore removes the v850 port.\n\nIf anyone ever decides to revive the v850 port the code will still be\navailable from older kernels, and it wouldn\u0027t be impossible for the port to\nreenter the kernel if it would become actively maintained again.\n\nSigned-off-by: Adrian Bunk \u003cbunk@kernel.org\u003e\nAcked-by: Greg Ungerer \u003cgerg@uclinux.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "d8de72473effd674a3c1fe9621821f406f5587c9", "tree": "4b96ac9b82cc156f9ee01da00450f1a97222353f", "parents": [ "9f0aecdd1cd6aacee9aa8f08031f4f2e09e454dc" ], "author": { "name": "Peng Haitao", "email": "penght@cn.fujitsu.com", "time": "Tue May 20 09:13:02 2008 +0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 24 23:36:35 2008 -0400" }, "message": "[PATCH] remove useless argument type in audit_filter_user()\n\nThe second argument \"type\" is not used in audit_filter_user(), so I think that type can be removed. If I\u0027m wrong, please tell me.\n\nSigned-off-by: Peng Haitao \u003cpenght@cn.fujitsu.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "8b67dca9420474623709e00d72a066068a502b20", "tree": "9d4dc19d849dd23cf00cee0851fd402062cdf1ea", "parents": [ "4a761b8c1d7a3a4ee7ccf92ce255d986f601e067" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 04:15:49 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:28:37 2008 -0400" }, "message": "[PATCH] new predicate - AUDIT_FILETYPE\n\nArgument is S_IF... | \u003cindex\u003e, where index is normally 0 or 1.\nTriggers if chosen element of ctx-\u003enames[] is present and the\nmode of object in question matches the upper bits of argument.\nI.e. for things like \"is the argument of that chmod a directory\",\netc.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "a42da93c8641a0b49405ceb2a2063975c823aa49", "tree": "ad674ce1bc7ce1727ae0896998e11dbe6b8d66f0", "parents": [ "b556f8ad58c6e9f8f485c8cef7546e3fc82c382a" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 10:36:22 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:19:29 2008 -0400" }, "message": "Audit: increase the maximum length of the key field\n\nKey lengths were arbitrarily limited to 32 characters. If userspace is going\nto start using the single kernel key field as multiple virtual key fields\n(example key\u003dkey1,key2,key3,key4) we should give them enough room to work.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "b556f8ad58c6e9f8f485c8cef7546e3fc82c382a", "tree": "e7a1c5ce313b6dec9727d69b08b5005dc35709a3", "parents": [ "f09ac9db2aafe36fde9ebd63c8c5d776f6e7bd41" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 10:12:59 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:19:22 2008 -0400" }, "message": "Audit: standardize string audit interfaces\n\nThis patch standardized the string auditing interfaces. No userspace\nchanges will be visible and this is all just cleanup and consistancy\nwork. We have the following string audit interfaces to use:\n\nvoid audit_log_n_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len);\n\nvoid audit_log_n_string(struct audit_buffer *ab, const char *buf, size_t n);\nvoid audit_log_string(struct audit_buffer *ab, const char *buf);\n\nvoid audit_log_n_untrustedstring(struct audit_buffer *ab, const char *string, size_t n);\nvoid audit_log_untrustedstring(struct audit_buffer *ab, const char *string);\n\nThis may be the first step to possibly fixing some of the issues that\npeople have with the string output from the kernel audit system. But we\nstill don\u0027t have an agreed upon solution to that problem.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "2532386f480eefbdd67b48be55fb4fb3e5a6081c", "tree": "dd6a5a3c4116a67380a1336319c16632f04f80f9", "parents": [ "436c405c7d19455a71f42c9bec5fd5e028f1eb4e" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 10:09:25 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:18:03 2008 -0400" }, "message": "Audit: collect sessionid in netlink messages\n\nPreviously I added sessionid output to all audit messages where it was\navailable but we still didn\u0027t know the sessionid of the sender of\nnetlink messages. This patch adds that information to netlink messages\nso we can audit who sent netlink messages.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "04305e4aff8b0533dc05f9f6f1a34d0796bd985f", "tree": "9938264917b4b9e6e147b883d88fca94c6788b76", "parents": [ "9d57a7f9e23dc30783d245280fc9907cf2c87837" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Sat Apr 19 09:59:43 2008 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Apr 19 09:59:43 2008 +1000" }, "message": "Audit: Final renamings and cleanup\n\nRename the se_str and se_rule audit fields elements to\nlsm_str and lsm_rule to avoid confusion.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "9d57a7f9e23dc30783d245280fc9907cf2c87837", "tree": "508b81e213f5dca1097ccf0ece8ba092b168607b", "parents": [ "d7a96f3a1ae279a2129653d6cb18d722f2f00f91" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Sat Mar 01 22:03:14 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Apr 19 09:53:46 2008 +1000" }, "message": "SELinux: use new audit hooks, remove redundant exports\n\nSetup the new Audit LSM hooks for SELinux.\nRemove the now redundant exported SELinux Audit interface.\n\nAudit: Export \u0027audit_krule\u0027 and \u0027audit_field\u0027 to the public\nsince their internals are needed by the implementation of the\nnew LSM hook \u0027audit_rule_known\u0027.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "44707fdf5938ad269ea5d6c5744d82f6a7328746", "tree": "7eb1704418eb41b859ad24bc48f6400135474d87", "parents": [ "a03a8a709a0c34b61b7aea1d54a0473a6b941fdb" ], "author": { "name": "Jan Blunck", "email": "jblunck@suse.de", "time": "Thu Feb 14 19:38:33 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Feb 14 21:17:08 2008 -0800" }, "message": "d_path: Use struct path in struct avc_audit_data\n\naudit_log_d_path() is a d_path() wrapper that is used by the audit code. To\nuse a struct path in audit_log_d_path() I need to embed it into struct\navc_audit_data.\n\n[akpm@linux-foundation.org: coding-style fixes]\nSigned-off-by: Jan Blunck \u003cjblunck@suse.de\u003e\nAcked-by: Christoph Hellwig \u003chch@infradead.org\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: \"J. Bruce Fields\" \u003cbfields@fieldses.org\u003e\nCc: Neil Brown \u003cneilb@suse.de\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "de6bbd1d30e5912620d25dd15e3f180ac7f9fcef", "tree": "3807b13f8e2e490c258c5bb37915c95fc1bcfe20", "parents": [ "e445deb593d67c8ed13bd357c780a93d78bc84cf" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 07 14:31:58 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:23:55 2008 -0500" }, "message": "[AUDIT] break large execve argument logging into smaller messages\n\nexecve arguments can be quite large. There is no limit on the number of\narguments and a 4G limit on the size of an argument.\n\nthis patch prints those aruguments in bite sized pieces. a userspace size\nlimitation of 8k was discovered so this keeps messages around 7.5k\n\nsingle arguments larger than 7.5k in length are split into multiple records\nand can be identified as aX[Y]\u003d\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "c0641f28dcbecb6dc34a4fd003a9947fcd080696", "tree": "75cc2700afe2e83834895e7f45c7f663faf2e034", "parents": [ "4746ec5b01ed07205a91e4f7ed9de9d70f371407" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 07 13:49:15 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:07:19 2008 -0500" }, "message": "[AUDIT] Add End of Event record\n\nThis patch adds an end of event record type. It will be sent by the kernel as\nthe last record when a multi-record event is triggered. This will aid realtime\nanalysis programs since they will now reliably know they have the last record\nto complete an event. The audit daemon filters this and will not write it to\ndisk.\n\nSigned-off-by: Steve Grubb \u003csgrubb redhat com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "4746ec5b01ed07205a91e4f7ed9de9d70f371407", "tree": "7a3a836b6178ccab24801e90b69c1159b2c23099", "parents": [ "c2a7780efe37d01bdb3facc85a94663e6d67d4a8" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 08 10:06:53 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:06:51 2008 -0500" }, "message": "[AUDIT] add session id to audit messages\n\nIn order to correlate audit records to an individual login add a session\nid. This is incremented every time a user logs in and is included in\nalmost all messages which currently output the auid. The field is\nlabeled ses\u003d or oses\u003d\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "bfef93a5d1fb5654fe2025276c55e202d10b5255", "tree": "573d8153c5d5216b0c4007b652286eeddd3c0987", "parents": [ "0c11b9428f619ab377c92eff2f160a834a6585dd" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Jan 10 04:53:18 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:05:28 2008 -0500" }, "message": "[PATCH] get rid of loginuid races\n\nKeeping loginuid in audit_context is racy and results in messier\ncode. Taken to task_struct, out of the way of -\u003eaudit_context\nchanges.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "0c11b9428f619ab377c92eff2f160a834a6585dd", "tree": "35b573715ad5730a77d067486838345132771a7a", "parents": [ "24e1c13c93cbdd05e4b7ea921c0050b036555adc" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Jan 10 04:20:52 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:04:59 2008 -0500" }, "message": "[PATCH] switch audit_get_loginuid() to task_struct *\n\nall callers pass something-\u003eaudit_context\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "13541b3adad2dc2f56761c5193c2b88db3597f0e", "tree": "ef5dfff5135ecb91ccb379d351c9bc5f491e080a", "parents": [ "8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Tue Jan 29 08:44:23 2008 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Wed Jan 30 08:17:29 2008 +1100" }, "message": "NetLabel: Add auditing to the static labeling mechanism\n\nThis patch adds auditing support to the NetLabel static labeling mechanism.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "74c3cbe33bc077ac1159cadfea608b501e100344", "tree": "4c4023caa4e15d19780255fa5880df3d36eb292c", "parents": [ "455434d450a358ac5bcf3fc58f8913d13c544622" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jul 22 08:04:18 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Oct 21 02:37:45 2007 -0400" }, "message": "[PATCH] audit: watching subtrees\n\nNew kind of audit rule predicates: \"object is visible in given subtree\".\nThe part that can be sanely implemented, that is. Limitations:\n\t* if you have hardlink from outside of tree, you\u0027d better watch\nit too (or just watch the object itself, obviously)\n\t* if you mount something under a watched tree, tell audit\nthat new chunk should be added to watched subtrees\n\t* if you umount something in a watched tree and it\u0027s still mounted\nelsewhere, you will get matches on events happening there. New command\ntells audit to recalculate the trees, trimming such sources of false\npositives.\n\nNote that it\u0027s _not_ about path - if something mounted in several places\n(multiple mount, bindings, different namespaces, etc.), the match does\n_not_ depend on which one we are using for access.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "5a190ae69766da9a34bf31200c5cea4c0667cf94", "tree": "340c500fe42518abe6d1159a00619b1bd02f07fc", "parents": [ "cfa76f024f7c9e65169425804e5b32e71f66d0ee" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Jun 07 12:19:32 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Oct 21 02:37:18 2007 -0400" }, "message": "[PATCH] pass dentry to audit_inode()/audit_inode_child()\n\nmakes caller simpler *and* allows to scan ancestors\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "ab5f5e8b144e4c804ef3aa1ce08a9ca9f01187ce", "tree": "bf3915a618b29f507d882e9c665ed9d07e7c0765", "parents": [ "d2e9117c7aa9544d910634e17e3519fd67155229" ], "author": { "name": "Joy Latten", "email": "latten@austin.ibm.com", "time": "Mon Sep 17 11:51:22 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Oct 10 16:49:02 2007 -0700" }, "message": "[XFRM]: xfrm audit calls\n\nThis patch modifies the current ipsec audit layer\nby breaking it up into purpose driven audit calls.\n\nSo far, the only audit calls made are when add/delete\nan SA/policy. It had been discussed to give each\nkey manager it\u0027s own calls to do this, but I found\nthere to be much redundnacy since they did the exact\nsame things, except for how they got auid and sid, so I\ncombined them. The below audit calls can be made by any\nkey manager. Hopefully, this is ok.\n\nSigned-off-by: Joy Latten \u003clatten@austin.ibm.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "6dc2c1b7798ef645213afc82f6d5eac3d61bc18b", "tree": "1f6edacc42a38d836556d7bba52f2321e0397d89", "parents": [ "1ff6f3dbfb366b464869d3558406e498cb3e1159" ], "author": { "name": "Miloslav Trmac", "email": "mitr@redhat.com", "time": "Thu Aug 23 10:19:53 2007 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Aug 23 21:37:45 2007 -0700" }, "message": "Renumber AUDIT_TTY_[GS]ET\n\nRenumber AUDIT_TTY_[GS]ET to avoid a conflict with netlink message types\nalready used in the wild.\n\nSigned-off-by: Miloslav Trmac \u003cmitr@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "4259fa01a2d2aa3e589b34ba7624080232d9c1ff", "tree": "3aa83d784c4db22f3b62e4d963757497555c5e5c", "parents": [ "74f2345b6be1410f824cb7dd638d2c10a9709379" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Jun 07 11:13:31 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jul 22 09:57:02 2007 -0400" }, "message": "[PATCH] get rid of AVC_PATH postponed treatment\n\n Selinux folks had been complaining about the lack of AVC_PATH\nrecords when audit is disabled. I must admit my stupidity - I assumed\nthat avc_audit() really couldn\u0027t use audit_log_d_path() because of\ndeadlocks (\u003d\u003d could be called with dcache_lock or vfsmount_lock held).\nShouldn\u0027t have made that assumption - it never gets called that way.\nIt _is_ called under spinlocks, but not those.\n\n Since audit_log_d_path() uses ab-\u003egfp_mask for allocations,\nkmalloc() in there is not a problem. IOW, the simple fix is sufficient:\nlet\u0027s rip AUDIT_AVC_PATH out and simply generate pathname as part of main\nrecord. It\u0027s trivial to do.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "74f2345b6be1410f824cb7dd638d2c10a9709379", "tree": "a9cbdb517eb01b04de3e641d87ef42ad186e91e3", "parents": [ "c926e4f432af0f61ac2b9b637fb51a4871a3fc91" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jun 04 17:00:14 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jul 22 09:57:02 2007 -0400" }, "message": "[PATCH] allow audit filtering on bit \u0026 operations\n\nRight now the audit filter can match on \u003d !\u003d \u003e \u003c \u003e\u003d blah blah blah.\nThis allow the filter to also look at bitwise AND operations, \u0026\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "522ed7767e800cff6c650ec64b0ee0677303119c", "tree": "f65ecb29f2cf885018d3557f840de3ef4be6ec64", "parents": [ "4f27c00bf80f122513d3a5be16ed851573164534" ], "author": { "name": "Miloslav Trmac", "email": "mitr@redhat.com", "time": "Sun Jul 15 23:40:56 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jul 16 09:05:47 2007 -0700" }, "message": "Audit: add TTY input auditing\n\nAdd TTY input auditing, used to audit system administrator\u0027s actions. This is\nrequired by various security standards such as DCID 6/3 and PCI to provide\nnon-repudiation of administrator\u0027s actions and to allow a review of past\nactions if the administrator seems to overstep their duties or if the system\nbecomes misconfigured for unknown reasons. These requirements do not make it\nnecessary to audit TTY output as well.\n\nCompared to an user-space keylogger, this approach records TTY input using the\naudit subsystem, correlated with other audit events, and it is completely\ntransparent to the user-space application (e.g. the console ioctls still\nwork).\n\nTTY input auditing works on a higher level than auditing all system calls\nwithin the session, which would produce an overwhelming amount of mostly\nuseless audit events.\n\nAdd an \"audit_tty\" attribute, inherited across fork (). Data read from TTYs\nby process with the attribute is sent to the audit subsystem by the kernel.\nThe audit netlink interface is extended to allow modifying the audit_tty\nattribute, and to allow sending explanatory audit events from user-space (for\nexample, a shell might send an event containing the final command, after the\ninteractive command-line editing and history expansion is performed, which\nmight be difficult to decipher from the TTY input alone).\n\nBecause the \"audit_tty\" attribute is inherited across fork (), it would be set\ne.g. for sshd restarted within an audited session. To prevent this, the\naudit_tty attribute is cleared when a process with no open TTY file\ndescriptors (e.g. after daemon startup) opens a TTY.\n\nSee https://www.redhat.com/archives/linux-audit/2007-June/msg00000.html for a\nmore detailed rationale document for an older version of this patch.\n\n[akpm@linux-foundation.org: build fix]\nSigned-off-by: Miloslav Trmac \u003cmitr@redhat.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Alan Cox \u003calan@lxorguk.ukuu.org.uk\u003e\nCc: Paul Fulghum \u003cpaulkf@microgate.com\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "0a4ff8c2598b72f2fa9d50aae9e1809e684dbf41", "tree": "309f2b2b5874692302862534cd9052a1d96018ba", "parents": [ "5712e88f2b0f626a4857c24128810bbf8ce09537" ], "author": { "name": "Steve Grubb", "email": "sgrubb@redhat.com", "time": "Thu Apr 19 10:28:21 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 11 05:38:26 2007 -0400" }, "message": "[PATCH] Abnormal End of Processes\n\nHi,\n\nI have been working on some code that detects abnormal events based on audit\nsystem events. One kind of event that we currently have no visibility for is\nwhen a program terminates due to segfault - which should never happen on a\nproduction machine. And if it did, you\u0027d want to investigate it. Attached is a\npatch that collects these events and sends them into the audit system.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "4fc03b9beb2314f3adb9e72b7935a80c577954d1", "tree": "81e04534c582923fcdc8212497d1487ddae412a8", "parents": [ "510f4006e7a82b37b53c17bbe64ec20f3a59302b" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Tue Feb 13 14:15:01 2007 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 11 05:38:26 2007 -0400" }, "message": "[PATCH] complete message queue auditing\n\nHandle the edge cases for POSIX message queue auditing. Collect inode\ninfo when opening an existing mq, and for send/receive operations. Remove\naudit_inode_update() as it has really evolved into the equivalent of\naudit_inode().\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "e54dc2431d740a79a6bd013babade99d71b1714f", "tree": "16b0990d5c16946239a17b332f54b5918fb03305", "parents": [ "7f13da40e36c84d0d046b7adbd060af7d3717250" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Thu Mar 29 18:01:04 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 11 05:38:25 2007 -0400" }, "message": "[PATCH] audit signal recipients\n\nWhen auditing syscalls that send signals, log the pid and security\ncontext for each target process. Optimize the data collection by\nadding a counter for signal-related rules, and avoiding allocating an\naux struct unless we have more than one target process. For process\ngroups, collect pid/context data in blocks of 16. Move the\naudit_signal_info() hook up in check_kill_permission() so we audit\nattempts where permission is denied.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "7f13da40e36c84d0d046b7adbd060af7d3717250", "tree": "3cf0c58f674be94a7237734367ee5c04a5f223bc", "parents": [ "a5cb013da773a67ee48d1c19e96436c22a73a7eb" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Thu Mar 29 18:00:37 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 11 05:38:25 2007 -0400" }, "message": "[PATCH] add SIGNAL syscall class (v3)\n\nAdd a syscall class for sending signals.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "a5cb013da773a67ee48d1c19e96436c22a73a7eb", "tree": "8832d105c4742674423bd50352b8a4805c44fecc", "parents": [ "129a84de2347002f09721cda3155ccfd19fade40" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Mar 20 13:58:35 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 11 05:38:25 2007 -0400" }, "message": "[PATCH] auditing ptrace\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "3b46e650165f691a30ddede1a79d2df02f3459d7", "tree": "90cc53677412986b28d31001faa5e5a980cba7fe", "parents": [ "f991633de626a5f16069d00e26b45142e037ce24" ], "author": { "name": "Jeff Dike", "email": "jdike@addtoit.com", "time": "Tue Mar 06 01:42:17 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Mar 06 09:30:25 2007 -0800" }, "message": "[PATCH] linux/audit.h needs linux/types.h\n\nInclude linux/types.h here because we need a definition of __u32. This file\nappears not be exported verbatim by libc, so I think this doesn\u0027t have any\nuserspace consequences.\n\nSigned-off-by: Jeff Dike \u003cjdike@linux.intel.com\u003e\nCc: Paolo \u0027Blaisorblade\u0027 Giarrusso \u003cblaisorblade@yahoo.it\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "db3495099d3d52854b13874905af6e40a91f4721", "tree": "5a832081d70dd9dabda3498baf40b7d6ced47f24", "parents": [ "6a01b07fae482f9b34491b317056c89d3b96ca2e" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Feb 07 01:48:00 2007 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Feb 17 21:30:15 2007 -0500" }, "message": "[PATCH] AUDIT_FD_PAIR\n\nProvide an audit record of the descriptor pair returned by pipe() and\nsocketpair(). Rewritten from the original posted to linux-audit by\nJohn D. Ramsdell \u003cramsdell@mitre.org\u003e\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "161a09e737f0761ca064ee6a907313402f7a54b6", "tree": "80fdf6dc5de73d810ef0ec811299a5ec3c5ce23e", "parents": [ "95b99a670df31ca5271f503f378e5cac3aee8f5e" ], "author": { "name": "Joy Latten", "email": "latten@austin.ibm.com", "time": "Mon Nov 27 13:11:54 2006 -0600" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Dec 06 20:14:22 2006 -0800" }, "message": "audit: Add auditing to ipsec\n\nAn audit message occurs when an ipsec SA\nor ipsec policy is created/deleted.\n\nSigned-off-by: Joy Latten \u003clatten@austin.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "c8e649ba908954447e9a095677f6a6c8e50a37b2", "tree": "7a02cf7ed8222e9f62b3a53f9eba8d13354e268f", "parents": [ "ac9910ce017ff5f86f3a25e969b2c4f5d6ac438f" ], "author": { "name": "Steve Grubb", "email": "sgrubb@redhat.com", "time": "Fri Sep 29 11:56:49 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Oct 04 08:31:24 2006 -0400" }, "message": "[PATCH] message types updated\n\nHi,\n\nThis patch adds a new type for 3rd party module use and cleans up a deprecated\nmessage type.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "95d4e6be25a68cd9fbe8c0d356b585504d8db1c7", "tree": "2133c970e6786bdf82004ace225b6bca19b9ddba", "parents": [ "d6c641026dec68acfb4b0baa98aad960e963ed97" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Fri Sep 29 17:05:05 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Sep 29 17:05:05 2006 -0700" }, "message": "[NetLabel]: audit fixups due to delayed feedback\n\nFix some issues Steve Grubb had with the way NetLabel was using the audit\nsubsystem. This should make NetLabel more consistent with other kernel\ngenerated audit messages specifying configuration changes.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "32f50cdee666333168b5203c7864bede159f789e", "tree": "c4989cc2521551714f656d60f6b895232ffdeda6", "parents": [ "8ea333eb5da3e3219f570220c56bca09f6f4d25a" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Thu Sep 28 14:51:47 2006 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Thu Sep 28 18:03:09 2006 -0700" }, "message": "[NetLabel]: add audit support for configuration changes\n\nThis patch adds audit support to NetLabel, including six new audit message\ntypes shown below.\n\n #define AUDIT_MAC_UNLBL_ACCEPT 1406\n #define AUDIT_MAC_UNLBL_DENY 1407\n #define AUDIT_MAC_CIPSOV4_ADD 1408\n #define AUDIT_MAC_CIPSOV4_DEL 1409\n #define AUDIT_MAC_MAP_ADD 1410\n #define AUDIT_MAC_MAP_DEL 1411\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "55669bfa141b488be865341ed12e188967d11308", "tree": "efeec37a93f46c48937eb849c083da9a42ed3709", "parents": [ "dc104fb3231f11e95b5a0f09ae3ab27a8fd5b2e8" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Aug 31 19:26:40 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Sep 11 13:32:30 2006 -0400" }, "message": "[PATCH] audit: AUDIT_PERM support\n\nadd support for AUDIT_PERM predicate\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "dc104fb3231f11e95b5a0f09ae3ab27a8fd5b2e8", "tree": "2db993a72a4eac79841f531e2961576bf9fb56d7", "parents": [ "c08037997d4ae3e9a679fbdb46ed47c957916e14" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Aug 31 19:05:56 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Sep 11 13:32:27 2006 -0400" }, "message": "[PATCH] audit: more syscall classes added\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "5ac3a9c26c1cc4861d9cdd8b293fecbfcdc81afe", "tree": "6ca960fade3253ac358f3614e6a07361fc90d09e", "parents": [ "d51374adf5f2f88155a072d3d801104e3c0c3d7f" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jul 16 06:38:45 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Aug 03 10:59:42 2006 -0400" }, "message": "[PATCH] don\u0027t bother with aux entires for dummy context\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d51374adf5f2f88155a072d3d801104e3c0c3d7f", "tree": "2b87e74cdb43fca5635cc25fb5a419cbb686ce00", "parents": [ "471a5c7c839114cc8b55876203aeb2817c33e3c5" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Aug 03 10:59:26 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Aug 03 10:59:26 2006 -0400" }, "message": "[PATCH] mark context of syscall entered with no rules as dummy\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "471a5c7c839114cc8b55876203aeb2817c33e3c5", "tree": "a034011f4efe66adcdca6e21efc2e05b0c0d3e34", "parents": [ "5422e01ac16df7398b2bad1eccad0ae3be4dee32" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Jul 10 08:29:24 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Aug 03 10:55:18 2006 -0400" }, "message": "[PATCH] introduce audit rules counter\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "73d3ec5abad3f1730ac8530899d2c14d92f3ad63", "tree": "c2829a1e36ca155eecc7d4b8648fe9755247bec5", "parents": [ "3e2efce067cec0099f99ae59f28feda99b02b498" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Thu Jul 13 13:16:39 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Aug 03 10:50:30 2006 -0400" }, "message": "[PATCH] fix missed create event for directory audit\n\nWhen an object is created via a symlink into an audited directory, audit misses\nthe event due to not having collected the inode data for the directory. Modify\n__audit_inode_child() to copy the parent inode data if a parent wasn\u0027t found in\naudit_names[].\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "3e2efce067cec0099f99ae59f28feda99b02b498", "tree": "94577cb6cb7f223319bb89a805b2d6945d42632e", "parents": [ "46f5960fdbf359f0c75989854bbaebc1de7a1eb4" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Thu Jul 13 13:16:02 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Aug 03 10:50:21 2006 -0400" }, "message": "[PATCH] fix faulty inode data collection for open() with O_CREAT\n\nWhen the specified path is an existing file or when it is a symlink, audit\ncollects the wrong inode number, which causes it to miss the open() event.\nAdding a second hook to the open() path fixes this.\n\nAlso add audit_copy_inode() to consolidate some code.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "b915543b46a2aa599fdd2169e51bcfd88812a12b", "tree": "8025e6654829d4c245b5b6b6f47a84543ebffb7b", "parents": [ "6e5a2d1d32596850a0ebf7fb3e54c0d69901dabd" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Jul 01 03:56:16 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Jul 01 07:44:10 2006 -0400" }, "message": "[PATCH] audit syscall classes\n\nAllow to tie upper bits of syscall bitmap in audit rules to kernel-defined\nsets of syscalls. Infrastructure, a couple of classes (with 32bit counterparts\nfor biarch targets) and actual tie-in on i386, amd64 and ia64.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "3a6b9f85c641a3b89420b0c8150ed377526a1fe1", "tree": "e44e64edf0620d3f6da443c57540b09882231459", "parents": [ "5adc8a6adc91c4c85a64c75a70a619fffc924817" ], "author": { "name": "Darrel Goeddel", "email": "dgoeddel@trustedcs.com", "time": "Thu Jun 29 16:56:39 2006 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Jul 01 05:44:08 2006 -0400" }, "message": "[PATCH] audit: rename AUDIT_SE_* constants\n\nThis patch renames some audit constant definitions and adds\nadditional definitions used by the following patch. The renaming\navoids ambiguity with respect to the new definitions.\n\nSigned-off-by: Darrel Goeddel \u003cdgoeddel@trustedcs.com\u003e\n\n include/linux/audit.h | 15 ++++++++----\n kernel/auditfilter.c | 50 ++++++++++++++++++++---------------------\n kernel/auditsc.c | 10 ++++----\n security/selinux/ss/services.c | 32 +++++++++++++-------------\n 4 files changed, 56 insertions(+), 51 deletions(-)\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "5adc8a6adc91c4c85a64c75a70a619fffc924817", "tree": "ace9af6bbc3cf711f43cfd88e834baeb6989ca3f", "parents": [ "9262e9149f346a5443300f8c451b8e7631e81a42" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Wed Jun 14 18:45:21 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Jul 01 05:43:06 2006 -0400" }, "message": "[PATCH] add rule filterkey\n\nAdd support for a rule key, which can be used to tie audit records to audit\nrules. This is useful when a watched file is accessed through a link or\nsymlink, as well as for general audit log analysis.\n\nBecause this patch uses a string key instead of an integer key, there is a bit\nof extra overhead to do the kstrdup() when a rule fires. However, we\u0027re also\nallocating memory for the audit record buffer, so it\u0027s probably not that\nsignificant. I went ahead with a string key because it seems more\nuser-friendly.\n\nNote that the user must ensure that filterkeys are unique. The kernel only\nchecks for duplicate rules.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hpd.com\u003e\n" }, { "commit": "d9eaec9e295a84a80b663996d0489fcff3a1dca9", "tree": "85cfc09bb5f0eb42d3be7dfbddaad31353307796", "parents": [ "cee4cca740d209bcb4b9857baa2253d5ba4e3fbe", "41757106b9ca7867dafb2404d618f947b4786fd7" ], "author": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Jun 20 15:37:56 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Jun 20 15:37:56 2006 -0700" }, "message": "Merge branch \u0027audit.b21\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current\n\n* \u0027audit.b21\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: (25 commits)\n [PATCH] make set_loginuid obey audit_enabled\n [PATCH] log more info for directory entry change events\n [PATCH] fix AUDIT_FILTER_PREPEND handling\n [PATCH] validate rule fields\u0027 types\n [PATCH] audit: path-based rules\n [PATCH] Audit of POSIX Message Queue Syscalls v.2\n [PATCH] fix se_sen audit filter\n [PATCH] deprecate AUDIT_POSSBILE\n [PATCH] inline more audit helpers\n [PATCH] proc_loginuid_write() uses simple_strtoul() on non-terminated array\n [PATCH] update of IPC audit record cleanup\n [PATCH] minor audit updates\n [PATCH] fix audit_krule_to_{rule,data} return values\n [PATCH] add filtering by ppid\n [PATCH] log ppid\n [PATCH] collect sid of those who send signals to auditd\n [PATCH] execve argument logging\n [PATCH] fix deadlocks in AUDIT_LIST/AUDIT_LIST_RULES\n [PATCH] audit_panic() is audit-internal\n [PATCH] inotify (5/5): update kernel documentation\n ...\n\nManual fixup of conflict in unclude/linux/inotify.h\n" }, { "commit": "9c937dcc71021f2dbf78f904f03d962dd9bcc130", "tree": "6ab53c1cf1235515307d521cecc4f76afa34e137", "parents": [ "6a2bceec0ea7fdc47aef9a3f2f771c201eaabe5d" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Thu Jun 08 23:19:31 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 20 05:25:28 2006 -0400" }, "message": "[PATCH] log more info for directory entry change events\n\nWhen an audit event involves changes to a directory entry, include\na PATH record for the directory itself. A few other notable changes:\n\n - fixed audit_inode_child() hooks in fsnotify_move()\n - removed unused flags arg from audit_inode()\n - added audit log routines for logging a portion of a string\n\nHere\u0027s some sample output.\n\nbefore patch:\ntype\u003dSYSCALL msg\u003daudit(1149821605.320:26): arch\u003d40000003 syscall\u003d39 success\u003dyes exit\u003d0 a0\u003dbf8d3c7c a1\u003d1ff a2\u003d804e1b8 a3\u003dbf8d3c7c items\u003d1 ppid\u003d739 pid\u003d800 auid\u003d0 uid\u003d0 gid\u003d0 euid\u003d0 suid\u003d0 fsuid\u003d0 egid\u003d0 sgid\u003d0 fsgid\u003d0 tty\u003dttyS0 comm\u003d\"mkdir\" exe\u003d\"/bin/mkdir\" subj\u003droot:system_r:unconfined_t:s0-s0:c0.c255\ntype\u003dCWD msg\u003daudit(1149821605.320:26): cwd\u003d\"/root\"\ntype\u003dPATH msg\u003daudit(1149821605.320:26): item\u003d0 name\u003d\"foo\" parent\u003d164068 inode\u003d164010 dev\u003d03:00 mode\u003d040755 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003droot:object_r:user_home_t:s0\n\nafter patch:\ntype\u003dSYSCALL msg\u003daudit(1149822032.332:24): arch\u003d40000003 syscall\u003d39 success\u003dyes exit\u003d0 a0\u003dbfdd9c7c a1\u003d1ff a2\u003d804e1b8 a3\u003dbfdd9c7c items\u003d2 ppid\u003d714 pid\u003d777 auid\u003d0 uid\u003d0 gid\u003d0 euid\u003d0 suid\u003d0 fsuid\u003d0 egid\u003d0 sgid\u003d0 fsgid\u003d0 tty\u003dttyS0 comm\u003d\"mkdir\" exe\u003d\"/bin/mkdir\" subj\u003droot:system_r:unconfined_t:s0-s0:c0.c255\ntype\u003dCWD msg\u003daudit(1149822032.332:24): cwd\u003d\"/root\"\ntype\u003dPATH msg\u003daudit(1149822032.332:24): item\u003d0 name\u003d\"/root\" inode\u003d164068 dev\u003d03:00 mode\u003d040750 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003droot:object_r:user_home_dir_t:s0\ntype\u003dPATH msg\u003daudit(1149822032.332:24): item\u003d1 name\u003d\"foo\" inode\u003d164010 dev\u003d03:00 mode\u003d040755 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003droot:object_r:user_home_t:s0\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "f368c07d7214a7c41dfceb76c8db473b850f0229", "tree": "e3f1e2d1a6ffbe61bf99ece51b906654728db4c9", "parents": [ "20ca73bc792be9625af184cbec36e1372611d1c3" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Fri Apr 07 16:55:56 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 20 05:25:27 2006 -0400" }, "message": "[PATCH] audit: path-based rules\n\nIn this implementation, audit registers inotify watches on the parent\ndirectories of paths specified in audit rules. When audit\u0027s inotify\nevent handler is called, it updates any affected rules based on the\nfilesystem event. If the parent directory is renamed, removed, or its\nfilesystem is unmounted, audit removes all rules referencing that\ninotify watch.\n\nTo keep things simple, this implementation limits location-based\nauditing to the directory entries in an existing directory. Given\na path-based rule for /foo/bar/passwd, the following table applies:\n\n passwd modified -- audit event logged\n passwd replaced -- audit event logged, rules list updated\n bar renamed -- rule removed\n foo renamed -- untracked, meaning that the rule now applies to\n\t\t the new location\n\nAudit users typically want to have many rules referencing filesystem\nobjects, which can significantly impact filtering performance. This\npatch also adds an inode-number-based rule hash to mitigate this\nsituation.\n\nThe patch is relative to the audit git tree:\nhttp://kernel.org/git/?p\u003dlinux/kernel/git/viro/audit-current.git;a\u003dsummary\nand uses the inotify kernel API:\nhttp://lkml.org/lkml/2006/6/1/145\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "20ca73bc792be9625af184cbec36e1372611d1c3", "tree": "98a1232ad3c9baa14676b2b48fab79a3df4a20b0", "parents": [ "8ba8e0fbe6321961f6ba04e2fd7215b37d935c83" ], "author": { "name": "George C. Wilson", "email": "ltcgcw@us.ibm.com", "time": "Wed May 24 16:09:55 2006 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 20 05:25:26 2006 -0400" }, "message": "[PATCH] Audit of POSIX Message Queue Syscalls v.2\n\nThis patch adds audit support to POSIX message queues. It applies cleanly to\nthe lspp.b15 branch of Al Viro\u0027s git tree. There are new auxiliary data\nstructures, and collection and emission routines in kernel/auditsc.c. New hooks\nin ipc/mqueue.c collect arguments from the syscalls.\n\nI tested the patch by building the examples from the POSIX MQ library tarball.\nBuild them -lrt, not against the old MQ library in the tarball. Here\u0027s the URL:\nhttp://www.geocities.com/wronski12/posix_ipc/libmqueue-4.41.tar.gz\nDo auditctl -a exit,always -S for mq_open, mq_timedsend, mq_timedreceive,\nmq_notify, mq_getsetattr. mq_unlink has no new hooks. Please see the\ncorresponding userspace patch to get correct output from auditd for the new\nrecord types.\n\n[fixes folded]\n\nSigned-off-by: George Wilson \u003cltcgcw@us.ibm.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d8945bb51a2bb6623cfa36b9ff63594f46d513aa", "tree": "b369c9b853e90790a04baa70ee66a2ef9e15fd18", "parents": [ "e0182909297da8d38a5d473ae7bee3d0324632a1" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu May 18 16:01:30 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 20 05:25:25 2006 -0400" }, "message": "[PATCH] inline more audit helpers\n\npull checks for -\u003eaudit_context into inlined wrappers\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "ac03221a4fdda9bfdabf99bcd129847f20fc1d80", "tree": "9b65ede238b03007bfe5e25f46efca68ec0994e0", "parents": [ "5d136a010de3bc16fe595987feb9ef8868f064c2" ], "author": { "name": "Linda Knippers", "email": "linda.knippers@hp.com", "time": "Tue May 16 22:03:48 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 20 05:25:24 2006 -0400" }, "message": "[PATCH] update of IPC audit record cleanup\n\nThe following patch addresses most of the issues with the IPC_SET_PERM\nrecords as described in:\nhttps://www.redhat.com/archives/linux-audit/2006-May/msg00010.html\nand addresses the comments I received on the record field names.\n\nTo summarize, I made the following changes:\n\n1. Changed sys_msgctl() and semctl_down() so that an IPC_SET_PERM\n record is emitted in the failure case as well as the success case.\n This matches the behavior in sys_shmctl(). I could simplify the\n code in sys_msgctl() and semctl_down() slightly but it would mean\n that in some error cases we could get an IPC_SET_PERM record\n without an IPC record and that seemed odd.\n\n2. No change to the IPC record type, given no feedback on the backward\n compatibility question.\n\n3. Removed the qbytes field from the IPC record. It wasn\u0027t being\n set and when audit_ipc_obj() is called from ipcperms(), the\n information isn\u0027t available. If we want the information in the IPC\n record, more extensive changes will be necessary. Since it only\n applies to message queues and it isn\u0027t really permission related, it\n doesn\u0027t seem worth it.\n\n4. Removed the obj field from the IPC_SET_PERM record. This means that\n the kern_ipc_perm argument is no longer needed.\n\n5. Removed the spaces and renamed the IPC_SET_PERM field names. Replaced iuid and\n igid fields with ouid and ogid in the IPC record.\n\nI tested this with the lspp.22 kernel on an x86_64 box. I believe it\napplies cleanly on the latest kernel.\n\n-- ljk\n\nSigned-off-by: Linda Knippers \u003clinda.knippers@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "3c66251e573219a0532a5a07381b2f60a412d9eb", "tree": "b047b25d28ae1abe6bb81daba886e44e0a82094f", "parents": [ "f46038ff7d23ae092d61b366332c05aab8227b48" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat May 06 08:26:27 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 20 05:25:22 2006 -0400" }, "message": "[PATCH] add filtering by ppid\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "e1396065e0489f98b35021b97907ab4edbfb24e1", "tree": "a276ea0a2ece9132d435adf1a1f82d0ada1ae938", "parents": [ "473ae30bc7b1dda5c5791c773f95e9424ddfead9" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu May 25 10:19:47 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 20 05:25:21 2006 -0400" }, "message": "[PATCH] collect sid of those who send signals to auditd\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "473ae30bc7b1dda5c5791c773f95e9424ddfead9", "tree": "541f6f20b9131fcfb650ca491e291d3c6b148a1b", "parents": [ "9044e6bca5a4a575d3c068dfccb5651a2d6a13bc" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Apr 26 14:04:08 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 20 05:25:21 2006 -0400" }, "message": "[PATCH] execve argument logging\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "bc0f3b8ebba611291fdaa2864dbffd2d29336c64", "tree": "08418bb535747731348609b5ca2ddbbd8fa0f510", "parents": [ "0edce197db00094d04c7fb147903add814c9db67" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon May 22 01:36:34 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 20 05:25:20 2006 -0400" }, "message": "[PATCH] audit_panic() is audit-internal\n\n... no need to provide a stub; note that extern is already gone from\ninclude/linux/audit.h\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "5047f09b56d0bc3c21aec9cb16de60283da645c6", "tree": "09a07554b933c3bb912ce3bfc0ea7c7e1f16041c", "parents": [ "c0f1fe00c3923135b2c2f443448585482da8a53e", "5528e568a760442e0ec8fd2dea1f0791875a066b" ], "author": { "name": "David Woodhouse", "email": "dwmw2@infradead.org", "time": "Sat May 06 19:59:18 2006 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@infradead.org", "time": "Sat May 06 19:59:18 2006 +0100" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "073115d6b29c7910feaa08241c6484637f5ca958", "tree": "5fd32da9f54b3c12b65d3c0142fb9bdf87dc01c3", "parents": [ "ce29b682e228c70cdc91a1b2935c5adb2087bab8" ], "author": { "name": "Steve Grubb", "email": "sgrubb@redhat.com", "time": "Sun Apr 02 17:07:33 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon May 01 06:10:04 2006 -0400" }, "message": "[PATCH] Rework of IPC auditing\n\n1) The audit_ipc_perms() function has been split into two different\nfunctions:\n - audit_ipc_obj()\n - audit_ipc_set_perm()\n\nThere\u0027s a key shift here... The audit_ipc_obj() collects the uid, gid,\nmode, and SElinux context label of the current ipc object. This\naudit_ipc_obj() hook is now found in several places. Most notably, it\nis hooked in ipcperms(), which is called in various places around the\nipc code permforming a MAC check. Additionally there are several places\nwhere *checkid() is used to validate that an operation is being\nperformed on a valid object while not necessarily having a nearby\nipcperms() call. In these locations, audit_ipc_obj() is called to\nensure that the information is captured by the audit system.\n\nThe audit_set_new_perm() function is called any time the permissions on\nthe ipc object changes. In this case, the NEW permissions are recorded\n(and note that an audit_ipc_obj() call exists just a few lines before\neach instance).\n\n2) Support for an AUDIT_IPC_SET_PERM audit message type. This allows\nfor separate auxiliary audit records for normal operations on an IPC\nobject and permissions changes. Note that the same struct\naudit_aux_data_ipcctl is used and populated, however there are separate\naudit_log_format statements based on the type of the message. Finally,\nthe AUDIT_IPC block of code in audit_free_aux() was extended to handle\naux messages of this new type. No more mem leaks I hope ;-)\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "ce29b682e228c70cdc91a1b2935c5adb2087bab8", "tree": "39e3e5b345748bec1c2d21962407689cdb1b7dab", "parents": [ "e7c3497013a7e5496ce3d5fd3c73b5cf5af7a56e" ], "author": { "name": "Steve Grubb", "email": "sgrubb@redhat.com", "time": "Sat Apr 01 18:29:34 2006 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon May 01 06:10:01 2006 -0400" }, "message": "[PATCH] More user space subject labels\n\nHi,\n\nThe patch below builds upon the patch sent earlier and adds subject label to\nall audit events generated via the netlink interface. It also cleans up a few\nother minor things.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "376bd9cb357ec945ac893feaeb63af7370a6e70b", "tree": "7e2848792982dfe30e19a600a41fa5cb49ee6e6e", "parents": [ "97e94c453073a2aba4bb5e0825ddc5e923debf11" ], "author": { "name": "Darrel Goeddel", "email": "dgoeddel@trustedcs.com", "time": "Fri Feb 24 15:44:05 2006 -0600" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon May 01 06:06:24 2006 -0400" }, "message": "[PATCH] support for context based audit filtering\n\nThe following patch provides selinux interfaces that will allow the audit\nsystem to perform filtering based on the process context (user, role, type,\nsensitivity, and clearance). These interfaces will allow the selinux\nmodule to perform efficient matches based on lower level selinux constructs,\nrather than relying on context retrievals and string comparisons within\nthe audit module. It also allows for dominance checks on the mls portion\nof the contexts that are impossible with only string comparisons.\n\nSigned-off-by: Darrel Goeddel \u003cdgoeddel@trustedcs.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "5411be59db80333039386f3b1ccfe5eb9023a916", "tree": "77873af4b7557768c3c48b56e7ae4508be4a70a5", "parents": [ "e495149b173d8e133e1f6f2eb86fd97be7e92010" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Mar 29 20:23:36 2006 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon May 01 06:06:18 2006 -0400" }, "message": "[PATCH] drop task argument of audit_syscall_{entry,exit}\n\n... it\u0027s always current, and that\u0027s a good thing - allows simpler locking.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "f001e47f83db18a9f202f25c0255b4d11ebe468b", "tree": "0d459fdb2dce2d21f5739619210bcd4b679a49f2", "parents": [ "62c4f0a2d5a188f73a94f2cb8ea0dba3e7cf0a7f" ], "author": { "name": "David Woodhouse", "email": "dwmw2@infradead.org", "time": "Thu Apr 27 00:11:01 2006 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@infradead.org", "time": "Thu Apr 27 00:11:01 2006 +0100" }, "message": "Sanitise linux/audit.h for userspace consumption, split elf-em.h from elf.h\n\nDon\u0027t include \u003clinux/sched.h\u003e outside __KERNEL__, and split the EM_xxx\ndefinitions out of elf.h into elf-em.h so that audit.h can include just\nthat and not pollute the namespace any further than it needs to.\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "5bdb98868062c1b14025883049551af343233187", "tree": "1f15c49cf4c9535bb3897d5fedbe78b3a7651410", "parents": [ "a6c043a887a9db32a545539426ddfc8cc2c28f8f" ], "author": { "name": "Steve Grubb", "email": "sgrubb@redhat.com", "time": "Sat Dec 03 08:39:35 2005 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:55 2006 -0500" }, "message": "[PATCH] promiscuous mode\n\nHi,\n\nWhen a network interface goes into promiscuous mode, its an important security\nissue. The attached patch is intended to capture that action and send an\nevent to the audit system.\n\nThe patch carves out a new block of numbers for kernel detected anomalies.\nThese are events that may indicate suspicious activity. Other examples of\npotential kernel anomalies would be: exceeding disk quota, rlimit violations,\nchanges to syscall entry table.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "5d3301088f7e412992d9e61cc3604cbdff3090ff", "tree": "6dbcea6a4707474393b640f8aaa588b2aa90309e", "parents": [ "93315ed6dd12dacfc941f9eb8ca0293aadf99793" ], "author": { "name": "Steve Grubb", "email": "viro@zeniv.linux.org.uk", "time": "Mon Jan 09 09:48:17 2006 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:55 2006 -0500" }, "message": "[PATCH] add/remove rule update\n\nHi,\n\nThe following patch adds a little more information to the add/remove rule message emitted\nby the kernel.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "93315ed6dd12dacfc941f9eb8ca0293aadf99793", "tree": "4fc070c92a1de21d3befe4ce48c733c65d044bb3", "parents": [ "af601e4623d0303bfafa54ec728b7ae8493a8e1b" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Tue Feb 07 12:05:27 2006 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:54 2006 -0500" }, "message": "[PATCH] audit string fields interface + consumer\n\nUpdated patch to dynamically allocate audit rule fields in kernel\u0027s\ninternal representation. Added unlikely() calls for testing memory\nallocation result.\n\nAmy Griffis wrote: [Wed Jan 11 2006, 02:02:31PM EST]\n\u003e Modify audit\u0027s kernel-userspace interface to allow the specification\n\u003e of string fields in audit rules.\n\u003e\n\u003e Signed-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n(cherry picked from 5ffc4a863f92351b720fe3e9c5cd647accff9e03 commit)\n" }, { "commit": "af601e4623d0303bfafa54ec728b7ae8493a8e1b", "tree": "5f79d5ae42eeccfc1ffaf8e82a1999e4d3af793e", "parents": [ "d884596f44ef5a0bcd8a66405dc04902aeaa6fc7" ], "author": { "name": "Steve Grubb", "email": "sgrubb@redhat.com", "time": "Wed Jan 04 14:08:39 2006 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:54 2006 -0500" }, "message": "[PATCH] SE Linux audit events\n\nAttached is a patch that hardwires important SE Linux events to the audit\nsystem. Please Apply.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "fe7752bab26a9ac0651b695ad4f55659761f68f7", "tree": "b2e516a52232c978fc824b226418d8a28460b8a8", "parents": [ "ee436dc46a762f430e37952d375a23d87735f73f" ], "author": { "name": "David Woodhouse", "email": "dwmw2@infradead.org", "time": "Thu Dec 15 18:33:52 2005 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:54 2006 -0500" }, "message": "[PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALL\n\nThis fixes the per-user and per-message-type filtering when syscall\nauditing isn\u0027t enabled.\n\n[AV: folded followup fix from the same author]\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "8c8570fb8feef2bc166bee75a85748b25cda22d9", "tree": "ed783d405ea9d5f3d3ccc57fb56c7b7cb2cdfb82", "parents": [ "c8edc80c8b8c397c53f4f659a05b9ea6208029bf" ], "author": { "name": "Dustin Kirkland", "email": "dustin.kirkland@us.ibm.com", "time": "Thu Nov 03 17:15:16 2005 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:54 2006 -0500" }, "message": "[PATCH] Capture selinux subject/object context information.\n\nThis patch extends existing audit records with subject/object context\ninformation. Audit records associated with filesystem inodes, ipc, and\ntasks now contain SELinux label information in the field \"subj\" if the\nitem is performing the action, or in \"obj\" if the item is the receiver\nof an action.\n\nThese labels are collected via hooks in SELinux and appended to the\nappropriate record in the audit code.\n\nThis additional information is required for Common Criteria Labeled\nSecurity Protection Profile (LSPP).\n\n[AV: fixed kmalloc flags use]\n[folded leak fixes]\n[folded cleanup from akpm (kfree(NULL)]\n[folded audit_inode_context() leak fix]\n[folded akpm\u0027s fix for audit_ipc_perm() definition in case of !CONFIG_AUDIT]\n\nSigned-off-by: Dustin Kirkland \u003cdustin.kirkland@us.ibm.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "c8edc80c8b8c397c53f4f659a05b9ea6208029bf", "tree": "0b09c0ff9ea28038b711d7368100302a1cc69b6d", "parents": [ "73241ccca0f7786933f1d31b3d86f2456549953a" ], "author": { "name": "Dustin Kirkland", "email": "dustin.kirkland@us.ibm.com", "time": "Thu Nov 03 16:12:36 2005 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:54 2006 -0500" }, "message": "[PATCH] Exclude messages by message type\n\n - Add a new, 5th filter called \"exclude\".\n - And add a new field AUDIT_MSGTYPE.\n - Define a new function audit_filter_exclude() that takes a message type\n as input and examines all rules in the filter. It returns \u00271\u0027 if the\n message is to be excluded, and \u00270\u0027 otherwise.\n - Call the audit_filter_exclude() function near the top of\n audit_log_start() just after asserting audit_initialized. If the\n message type is not to be audited, return NULL very early, before\n doing a lot of work.\n[combined with followup fix for bug in original patch, Nov 4, same author]\n[combined with later renaming AUDIT_FILTER_EXCLUDE-\u003eAUDIT_FILTER_TYPE\nand audit_filter_exclude() -\u003e audit_filter_type()]\n\nSigned-off-by: Dustin Kirkland \u003cdustin.kirkland@us.ibm.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "73241ccca0f7786933f1d31b3d86f2456549953a", "tree": "daa7efabfb7aa2f511a467606786820949e8763e", "parents": [ "f38aa94224c5517a40ba56d453779f70d3229803" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Thu Nov 03 16:00:25 2005 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:53 2006 -0500" }, "message": "[PATCH] Collect more inode information during syscall processing.\n\nThis patch augments the collection of inode info during syscall\nprocessing. It represents part of the functionality that was provided\nby the auditfs patch included in RHEL4.\n\nSpecifically, it:\n\n- Collects information for target inodes created or removed during\n syscalls. Previous code only collects information for the target\n inode\u0027s parent.\n\n- Adds the audit_inode() hook to syscalls that operate on a file\n descriptor (e.g. fchown), enabling audit to do inode filtering for\n these calls.\n\n- Modifies filtering code to check audit context for either an inode #\n or a parent inode # matching a given rule.\n\n- Modifies logging to provide inode # for both parent and child.\n\n- Protect debug info from NULL audit_names.name.\n\n[AV: folded a later typo fix from the same author]\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "90d526c074ae5db484388da56c399acf892b6c17", "tree": "edeb7c47d9144f3995846c5fc25db8e49ef12f5d", "parents": [ "b63862f46547487388e582e8ac9083830d34f058" ], "author": { "name": "Steve Grubb", "email": "sgrubb@redhat.com", "time": "Thu Nov 03 15:48:08 2005 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:53 2006 -0500" }, "message": "[PATCH] Define new range of userspace messages.\n\nThe attached patch updates various items for the new user space\nmessages. Please apply.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "b63862f46547487388e582e8ac9083830d34f058", "tree": "5aa0173c02535fdd9dfe302e9c8a8a225091ed56", "parents": [ "b0dd25a8263dde3c30b0d7d72a8bd92d7ba0e3f5" ], "author": { "name": "Dustin Kirkland", "email": "dustin.kirkland@us.ibm.com", "time": "Thu Nov 03 15:41:46 2005 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:53 2006 -0500" }, "message": "[PATCH] Filter rule comparators\n\nCurrently, audit only supports the \"\u003d\" and \"!\u003d\" operators in the -F\nfilter rules.\n\nThis patch reworks the support for \"\u003d\" and \"!\u003d\", and adds support\nfor \"\u003e\", \"\u003e\u003d\", \"\u003c\", and \"\u003c\u003d\".\n\nThis turned out to be a pretty clean, and simply process. I ended up\nusing the high order bits of the \"field\", as suggested by Steve and Amy.\nThis allowed for no changes whatsoever to the netlink communications.\nSee the documentation within the patch in the include/linux/audit.h\narea, where there is a table that explains the reasoning of the bitmask\nassignments clearly.\n\nThe patch adds a new function, audit_comparator(left, op, right).\nThis function will perform the specified comparison (op, which defaults\nto \"\u003d\u003d\" for backward compatibility) between two values (left and right).\nIf the negate bit is on, it will negate whatever that result was. This\nvalue is returned.\n\nSigned-off-by: Dustin Kirkland \u003cdustin.kirkland@us.ibm.com\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "9796fdd829da626374458e8706daedcc0e432ddd", "tree": "a0b4af7f45267cdcdfb677c2167906c6ef981b76", "parents": [ "55016f10e31bb15b85d8c500f979dfdceb37d548" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Oct 21 03:22:03 2005 -0400" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Oct 28 08:16:49 2005 -0700" }, "message": "[PATCH] gfp_t: kernel/*\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "30beab1491f0b96b2f23d3fb68af01fd921a16d8", "tree": "c580bdc0846269fbb10feeda901ecec1a48ee2ef", "parents": [ "21af6c4f2aa5f63138871b4ddd77d7ebf2588c9d", "c32511e2718618f0b53479eb36e07439aa363a74" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed Jul 13 15:25:59 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed Jul 13 15:25:59 2005 +0100" }, "message": "Merge with /shiny/git/linux-2.6/.git\n" }, { "commit": "f7ceba360cce9af3fbc4e5a5b1bd40b570b7021c", "tree": "1d138496048bbf5851cd60dee7acb912cffc6971", "parents": [ "8d8a64796fdee4e20355c6c12c9cc630a2e7494d" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Jul 10 19:29:45 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Jul 10 19:29:45 2005 -0700" }, "message": "[SPARC64]: Add syscall auditing support.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "7b430437c0de81681ecfa8efa8f55823df733529", "tree": "c91b2dcb370b561c448d9005ef0ec41426ff7ef3", "parents": [ "13774024da8ebdf17212c0f5a83f5b0681a649eb" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Sat Jul 02 13:50:40 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Sat Jul 02 13:50:40 2005 +0100" }, "message": "AUDIT: Fix definition of audit_log() if audit not enabled\n\naudit_log() also takes an extra argument, although it\u0027s a vararg \nfunction so the compiler didn\u0027t really notice.\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "13774024da8ebdf17212c0f5a83f5b0681a649eb", "tree": "22a847f6c112b2dc24181082c31000a515bcf00e", "parents": [ "d2f6409584e2c62ffad81690562330ff3bf4a458" ], "author": { "name": "Badari Pulavarty", "email": "pbadari@yahoo.com", "time": "Sat Jul 02 13:49:07 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Sat Jul 02 13:49:07 2005 +0100" }, "message": "AUDIT: Fix definition of audit_log_start() if audit not enabled\n\naudit_log_start() seems to take 3 arguments, but its defined to take \nonly 2 when AUDIT is turned off.\n\nsecurity/selinux/avc.c:553:75: macro \"audit_log_start\" passed 3 arguments, but takes just 2\n\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "5bb289b5a0becb53ac3e1d60815ff8b779296b73", "tree": "0db75422d66eec857e0c05cd4cf4d014e7c0e264", "parents": [ "993e2d4106e94dae6e8cfbeb32073bd12cdee203" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Fri Jun 24 14:14:05 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Fri Jun 24 14:14:05 2005 +0100" }, "message": "AUDIT: Clean up user message filtering\n\nDon\u0027t look up the task by its pid and then use the syscall filtering\nhelper. Just implement our own filter helper which operates solely on\nthe information in the netlink_skb_parms. \n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "9ad9ad385be27fcc7c16d290d972c6173e780a61", "tree": "bbca700c2d88ba421a6c9c348de367eaf4de0e2c", "parents": [ "177bbc733a1d9c935bc3d6efd776a6699b29b1ca" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed Jun 22 15:04:33 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed Jun 22 15:04:33 2005 +0100" }, "message": "AUDIT: Wait for backlog to clear when generating messages.\n\nAdd a gfp_mask to audit_log_start() and audit_log(), to reduce the\namount of GFP_ATOMIC allocation -- most of it doesn\u0027t need to be \nGFP_ATOMIC. Also if the mask includes __GFP_WAIT, then wait up to\n60 seconds for the auditd backlog to clear instead of immediately \nabandoning the message. \n\nThe timeout should probably be made configurable, but for now it\u0027ll \nsuffice that it only happens if auditd is actually running.\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "4a4cd633b575609b741a1de7837223a2d9e1c34c", "tree": "f4c3a6beb6a587598193053240f3e3f82885f1e3", "parents": [ "f6a789d19858a951e7ff9e297a44b377c21b6c33" ], "author": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed Jun 22 14:56:47 2005 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@shinybook.infradead.org", "time": "Wed Jun 22 14:56:47 2005 +0100" }, "message": "AUDIT: Optimise the audit-disabled case for discarding user messages\n\nAlso exempt USER_AVC message from being discarded to preserve \nexisting behaviour for SE Linux.\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" } ], "next": "f6a789d19858a951e7ff9e297a44b377c21b6c33" }