)]}' { "log": [ { "commit": "44e51a1b7852bd421ff5303c64dcc5c8524c21ef", "tree": "79005e642ba6a976ed6f561374bdab05e2fda40e", "parents": [ "e08b061ec0fca1f63bb1006bf1edc0556f36d0ae" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Aug 07 16:54:29 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Sep 24 03:50:26 2009 -0400" }, "message": "Audit: rearrange audit_context to save 16 bytes per struct\n\npahole pointed out that on x86_64 struct audit_context can be rearrainged\nto save 16 bytes per struct. Since we have an audit_context per task this\ncan acually be a pretty significant gain.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "916d75761c971b6e630a26bd4ba472e90ac9a4b9", "tree": "3a4b18d0d29c1d12f64fefbb2bc5559813a686f7", "parents": [ "9d9609851003ebed15957f0f2ce18492739ee124" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jun 24 00:02:38 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jun 24 00:02:38 2009 -0400" }, "message": "Fix rule eviction order for AUDIT_DIR\n\nIf syscall removes the root of subtree being watched, we\ndefinitely do not want the rules refering that subtree\nto be destroyed without the syscall in question having\na chance to match them.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "9d9609851003ebed15957f0f2ce18492739ee124", "tree": "2c116865d2f239b5596b22a3a79eecc82f5e1299", "parents": [ "35fe4d0b1b12286a81938e9c5fdfaf639ac0ce5b" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jun 11 14:31:37 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jun 24 00:00:52 2009 -0400" }, "message": "Audit: clean up all op\u003d output to include string quoting\n\nA number of places in the audit system we send an op\u003d followed by a string\nthat includes spaces. Somehow this works but it\u0027s just wrong. This patch\nmoves all of those that I could find to be quoted.\n\nExample:\n\nChange From: type\u003dCONFIG_CHANGE msg\u003daudit(1244666690.117:31): auid\u003d0 ses\u003d1\nsubj\u003dunconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op\u003dremove rule\nkey\u003d\"number2\" list\u003d4 res\u003d0\n\nChange To: type\u003dCONFIG_CHANGE msg\u003daudit(1244666690.117:31): auid\u003d0 ses\u003d1\nsubj\u003dunconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op\u003d\"remove rule\"\nkey\u003d\"number2\" list\u003d4 res\u003d0\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "cfcad62c74abfef83762dc05a556d21bdf3980a2", "tree": "d253dbf8dfa4d31379dcd886cc1b41c69921acdd", "parents": [ "ea7ae60bfe39aeedfb29571c47280bf0067ee5f3" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jun 11 14:31:36 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 23 23:50:59 2009 -0400" }, "message": "audit: seperate audit inode watches into a subfile\n\nIn preparation for converting audit to use fsnotify instead of inotify we\nseperate the inode watching code into it\u0027s own file. This is similar to\nhow the audit tree watching code is already seperated into audit_tree.c\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "b87ce6e4187c24b06483c8266822ce5e6b7fa7f3", "tree": "24b56d53dc03b0a6c8434ad2250c1c40d179d0ce", "parents": [ "35aa901c0b66cb3c2eeee23f13624014825a44a8" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jun 11 14:31:34 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 23 23:50:34 2009 -0400" }, "message": "Audit: better estimation of execve record length\n\nThe audit execve record splitting code estimates the length of the message\ngenerated. But it forgot to include the \"\" that wrap each string in its\nestimation. This means that execve messages with lots of tiny (1-2 byte)\narguments could still cause records greater than 8k to be emitted. Simply\nfix the estimate.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "def57543418a5f47debae28a0a9dea2effc11692", "tree": "9f27756c75502f6331c5c4260f36779a7b9555bc", "parents": [ "679173b724631f49e537a15fa48ea2000bdc1808" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Mar 10 18:00:14 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Apr 05 13:49:04 2009 -0400" }, "message": "Audit: remove spaces from audit_log_d_path\n\naudit_log_d_path had spaces in the strings which would be emitted on the\nerror paths. This patch simply replaces those spaces with an _ or removes\nthe needless spaces entirely.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "679173b724631f49e537a15fa48ea2000bdc1808", "tree": "f5211fea378788dab49654e15916f6ba73faa4b4", "parents": [ "318b6d3d7ddbcad3d6867e630711b8a705d873d7" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 26 18:09:45 2009 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Apr 05 13:48:52 2009 -0400" }, "message": "audit: audit_set_auditable defined but not used\n\nafter 0590b9335a1c72a3f0defcc6231287f7817e07c8 audit_set_auditable() is now only\nused by the audit tree code. If CONFIG_AUDIT_TREE is unset it will be defined\nbut unused. This patch simply moves the function inside a CONFIG_AUDIT_TREE\nblock.\n\ncc1: warnings being treated as errors\n/home/acme_unencrypted/git/linux-2.6-tip/kernel/auditsc.c:745: error: ‘audit_set_auditable’ defined but not used\nmake[2]: *** [kernel/auditsc.o] Error 1\nmake[1]: *** [kernel] Error 2\nmake[1]: *** Waiting for unfinished jobs....\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "6d208da89aabee8502debe842832ca0ab298d16d", "tree": "3ed68e7cab94ac7887dcd1d03f1b1fd9a927a001", "parents": [ "55ad2f8d340678397de5916b9cd960f17ebd7150" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Wed Apr 01 15:47:27 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Apr 05 13:46:19 2009 -0400" }, "message": "audit: Fix possible return value truncation in audit_get_context()\n\nThe audit subsystem treats syscall return codes as type long, unfortunately\nthe audit_get_context() function mistakenly converts the return code to an\nint type in the parameters which could cause problems on systems where the\nsizeof(int) !\u003d sizeof(long).\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "6b96255998053a89f45c0855de954b71f5c3887b", "tree": "d46ba7f03e56a81fee5b6903087bffae50c9b3a6", "parents": [ "ca96a895a6bae7efe7b11a35d9f43e6228467562" ], "author": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Mon Jan 05 13:41:13 2009 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Apr 05 13:39:19 2009 -0400" }, "message": "auditsc: fix kernel-doc notation\n\nFix auditsc kernel-doc notation:\n\nWarning(linux-2.6.28-git7//kernel/auditsc.c:2156): No description found for parameter \u0027attr\u0027\nWarning(linux-2.6.28-git7//kernel/auditsc.c:2156): Excess function parameter \u0027u_attr\u0027 description in \u0027__audit_mq_open\u0027\nWarning(linux-2.6.28-git7//kernel/auditsc.c:2204): No description found for parameter \u0027notification\u0027\nWarning(linux-2.6.28-git7//kernel/auditsc.c:2204): Excess function parameter \u0027u_notification\u0027 description in \u0027__audit_mq_notify\u0027\n\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\ncc:\tAl Viro \u003cviro@zeniv.linux.org.uk\u003e\ncc:\tEric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "ca96a895a6bae7efe7b11a35d9f43e6228467562", "tree": "f0a838bddc4d20b204720592811484bbe3e98a6a", "parents": [ "6bb597507f9839b13498781e481f5458aea33620" ], "author": { "name": "Jiri Pirko", "email": "jpirko@redhat.com", "time": "Fri Jan 09 16:44:16 2009 +0100" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Apr 05 13:38:59 2009 -0400" }, "message": "audit: EXECVE record - removed bogus newline\n\n(updated)\nAdded hunk that changes the comment, the rest is the same.\n\nEXECVE records contain a newline after every argument. auditd converts\n\"\\n\" to \" \" so you cannot see newlines even in raw logs, but they\u0027re\nthere nevertheless. If you\u0027re not using auditd, you need to work round\nthem. These \u0027\\n\u0027 chars are can be easily replaced by spaces when\ncreating record in kernel. Note there is no need for trailing \u0027\\n\u0027 in\nan audit record.\n\nrecord before this patch:\n\"type\u003dEXECVE msg\u003daudit(1231421801.566:31): argc\u003d4 a0\u003d\\\"./test\\\"\\na1\u003d\\\"a\\\"\\na2\u003d\\\"b\\\"\\na3\u003d\\\"c\\\"\\n\"\n\nrecord after this patch:\n\"type\u003dEXECVE msg\u003daudit(1231421801.566:31): argc\u003d4 a0\u003d\\\"./test\\\" a1\u003d\\\"a\\\" a2\u003d\\\"b\\\" a3\u003d\\\"c\\\"\"\n\nSigned-off-by: Jiri Pirko \u003cjpirko@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "5ad4e53bd5406ee214ddc5a41f03f779b8b2d526", "tree": "b3dab5140284b3edf02bf2b13f74bfddb25aa62a", "parents": [ "ce3b0f8d5c2203301fc87f3aaaed73e5819e2a48" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Mar 29 19:50:06 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Mar 31 23:00:27 2009 -0400" }, "message": "Get rid of indirect include of fs_struct.h\n\nDon\u0027t pull it in sched.h; very few files actually need it and those\ncan include directly. sched.h itself only needs forward declaration\nof struct fs_struct;\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "e048e02c89db7bd49d1a5fac77a11c8fb3603087", "tree": "6141e7646cd7c5b1b1334f0f86fbad6ef1bcc6d8", "parents": [ "e45aa212ea81d39b38ba158df344dc3a500153e5" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Dec 16 03:51:22 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:42 2009 -0500" }, "message": "make sure that filterkey of task,always rules is reported\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "0590b9335a1c72a3f0defcc6231287f7817e07c8", "tree": "289fa4668ae304f79f7484ac31b2cab0ab8894c1", "parents": [ "1a9d0797b8977d413435277bf9661efbbd584693" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Dec 14 23:45:27 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:41 2009 -0500" }, "message": "fixing audit rule ordering mess, part 1\n\nProblem: ordering between the rules on exit chain is currently lost;\nall watch and inode rules are listed after everything else _and_\nexit,never on one kind doesn\u0027t stop exit,always on another from\nbeing matched.\n\nSolution: assign priorities to rules, keep track of the current\nhighest-priority matching rule and its result (always/never).\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "57f71a0af4244d9ba3c0bce74b1d2e66e8d520bd", "tree": "c089a97949fc1d459e137b18739c04e9217913d1", "parents": [ "157cf649a735a2f7e8dba0ed08e6e38b6c30d886" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 14:52:57 2009 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:41 2009 -0500" }, "message": "sanitize audit_log_capset()\n\n* no allocations\n* return void\n* don\u0027t duplicate checked for dummy context\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "157cf649a735a2f7e8dba0ed08e6e38b6c30d886", "tree": "85895367c24023d363d5ee7b5ed2fb16eaf08721", "parents": [ "564f6993ffef656aebaf46cf2f1f6cb4f5c97207" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Dec 14 04:57:47 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:41 2009 -0500" }, "message": "sanitize audit_fd_pair()\n\n* no allocations\n* return void\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "564f6993ffef656aebaf46cf2f1f6cb4f5c97207", "tree": "0bf1ee553ab1241338fe522ffbaed8cd48e10c99", "parents": [ "c32c8af43b9adde8d6f938d8e6328c13b8de79ac" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Dec 14 04:02:26 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:41 2009 -0500" }, "message": "sanitize audit_mq_open()\n\n* don\u0027t bother with allocations\n* don\u0027t do double copy_from_user()\n* don\u0027t duplicate parts of check for audit_dummy_context()\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "c32c8af43b9adde8d6f938d8e6328c13b8de79ac", "tree": "6377079bba7530d2aa8a688ebf9ba3e09ae085a7", "parents": [ "20114f71b27cafeb7c7e41d2b0f0b68c3fbb022b" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Dec 14 03:46:48 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:40 2009 -0500" }, "message": "sanitize AUDIT_MQ_SENDRECV\n\n* logging the original value of *msg_prio in mq_timedreceive(2)\n is insane - the argument is write-only (i.e. syscall always\n ignores the original value and only overwrites it).\n* merge __audit_mq_timed{send,receive}\n* don\u0027t do copy_from_user() twice\n* don\u0027t mess with allocations in auditsc part\n* ... and don\u0027t bother checking !audit_enabled and !context in there -\n we\u0027d already checked for audit_dummy_context().\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "20114f71b27cafeb7c7e41d2b0f0b68c3fbb022b", "tree": "fcbb481cfec8c11f103ba07dbb08819de3822d80", "parents": [ "7392906ea915b9a2c14dea32b3604b4e178f82f7" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Dec 10 07:16:12 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:40 2009 -0500" }, "message": "sanitize audit_mq_notify()\n\n* don\u0027t copy_from_user() twice\n* don\u0027t bother with allocations\n* don\u0027t duplicate parts of audit_dummy_context()\n* make it return void\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "7392906ea915b9a2c14dea32b3604b4e178f82f7", "tree": "1e4fbe56e3738fade213ef805ec274ea74ac6a1b", "parents": [ "e816f370cbadd2afea9f1a42f232d0636137d563" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Dec 10 06:58:59 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:40 2009 -0500" }, "message": "sanitize audit_mq_getsetattr()\n\n* get rid of allocations\n* make it return void\n* don\u0027t duplicate parts of audit_dummy_context()\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "e816f370cbadd2afea9f1a42f232d0636137d563", "tree": "8a9fe488ced59cd9864fcbf15292641c3b95143c", "parents": [ "a33e6751003c5ade603737d828b1519d980ce392" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Dec 10 03:47:15 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:40 2009 -0500" }, "message": "sanitize audit_ipc_set_perm()\n\n* get rid of allocations\n* make it return void\n* simplify callers\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "a33e6751003c5ade603737d828b1519d980ce392", "tree": "aa484d033e886945aed78172dbdd4d2fd928bacf", "parents": [ "f3298dc4f2277874d40cb4fc3a6e277317d6603b" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Dec 10 03:40:06 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:39 2009 -0500" }, "message": "sanitize audit_ipc_obj()\n\n* get rid of allocations\n* make it return void\n* simplify callers\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "f3298dc4f2277874d40cb4fc3a6e277317d6603b", "tree": "8ba8f7e7a0597965b2f6c7106718a59cc164eab1", "parents": [ "4f6b434fee2402b3decdeae9d16eb648725ae426" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Dec 10 03:16:51 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:39 2009 -0500" }, "message": "sanitize audit_socketcall\n\n* don\u0027t bother with allocations\n* now that it can\u0027t fail, make it return void\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "4f6b434fee2402b3decdeae9d16eb648725ae426", "tree": "2b82a9d220509e2fe42c365de5083eb8032880e4", "parents": [ "7d3b56ba37a95f1f370f50258ed3954c304c524b" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Dec 09 19:50:34 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:39 2009 -0500" }, "message": "don\u0027t reallocate buffer in every audit_sockaddr()\n\nNo need to do that more than once per process lifetime; allocating/freeing\non each sendto/accept/etc. is bloody pointless.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "cbacc2c7f066a1e01b33b0e27ae5efbf534bc2db", "tree": "90d1093131d2a3543a8b3b1f3364e7c6f4081a93", "parents": [ "4a6908a3a050aacc9c3a2f36b276b46c0629ad91", "74192246910ff4fb95309ba1a683215644beeb62" ], "author": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Dec 25 11:40:09 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Thu Dec 25 11:40:09 2008 +1100" }, "message": "Merge branch \u0027next\u0027 into for-linus\n" }, { "commit": "48887e63d6e057543067327da6b091297f7fe645", "tree": "f290af5a887bcf840a63043eb2df3a4c02ccaea3", "parents": [ "7f0ed77d241b60f70136f15b8eef30a3de1fa249" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Dec 06 01:05:50 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Dec 09 02:27:41 2008 -0500" }, "message": "[PATCH] fix broken timestamps in AVC generated by kernel threads\n\nTimestamp in audit_context is valid only if -\u003ein_syscall is set.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "7f0ed77d241b60f70136f15b8eef30a3de1fa249", "tree": "23965f89b83f5bfd176eea4ea82dd3a7c90d1e6f", "parents": [ "0b0c940a91f8e6fd0e1be3e01d5e98997446233b" ], "author": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Mon Dec 01 14:16:06 2008 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Dec 09 02:27:40 2008 -0500" }, "message": "[patch 1/1] audit: remove excess kernel-doc\n\nDelete excess kernel-doc notation in kernel/auditsc.c:\n\nWarning(linux-2.6.27-git10//kernel/auditsc.c:1481): Excess function parameter or struct member \u0027tsk\u0027 description in \u0027audit_syscall_entry\u0027\nWarning(linux-2.6.27-git10//kernel/auditsc.c:1564): Excess function parameter or struct member \u0027tsk\u0027 description in \u0027audit_syscall_exit\u0027\n\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "a64e64944f4b8ce3288519555dbaa0232414b8ac", "tree": "6b37f5444c49379580b6b4fead84a75ca474d0ab", "parents": [ "a3f07114e3359fb98683069ae397220e8992a24a" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Nov 12 18:37:41 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Dec 09 02:27:38 2008 -0500" }, "message": "[PATCH] return records for fork() both to child and parent\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d84f4f992cbd76e8f39c488cf0c5d123843923b1", "tree": "fc4a0349c42995715b93d0f7a3c78e9ea9b3f36e", "parents": [ "745ca2475a6ac596e3d8d37c2759c0fbe2586227" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Nov 14 10:39:23 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 14 10:39:23 2008 +1100" }, "message": "CRED: Inaugurate COW credentials\n\nInaugurate copy-on-write credentials management. This uses RCU to manage the\ncredentials pointer in the task_struct with respect to accesses by other tasks.\nA process may only modify its own credentials, and so does not need locking to\naccess or modify its own credentials.\n\nA mutex (cred_replace_mutex) is added to the task_struct to control the effect\nof PTRACE_ATTACHED on credential calculations, particularly with respect to\nexecve().\n\nWith this patch, the contents of an active credentials struct may not be\nchanged directly; rather a new set of credentials must be prepared, modified\nand committed using something like the following sequence of events:\n\n\tstruct cred *new \u003d prepare_creds();\n\tint ret \u003d blah(new);\n\tif (ret \u003c 0) {\n\t\tabort_creds(new);\n\t\treturn ret;\n\t}\n\treturn commit_creds(new);\n\nThere are some exceptions to this rule: the keyrings pointed to by the active\ncredentials may be instantiated - keyrings violate the COW rule as managing\nCOW keyrings is tricky, given that it is possible for a task to directly alter\nthe keys in a keyring in use by another task.\n\nTo help enforce this, various pointers to sets of credentials, such as those in\nthe task_struct, are declared const. The purpose of this is compile-time\ndiscouragement of altering credentials through those pointers. Once a set of\ncredentials has been made public through one of these pointers, it may not be\nmodified, except under special circumstances:\n\n (1) Its reference count may incremented and decremented.\n\n (2) The keyrings to which it points may be modified, but not replaced.\n\nThe only safe way to modify anything else is to create a replacement and commit\nusing the functions described in Documentation/credentials.txt (which will be\nadded by a later patch).\n\nThis patch and the preceding patches have been tested with the LTP SELinux\ntestsuite.\n\nThis patch makes several logical sets of alteration:\n\n (1) execve().\n\n This now prepares and commits credentials in various places in the\n security code rather than altering the current creds directly.\n\n (2) Temporary credential overrides.\n\n do_coredump() and sys_faccessat() now prepare their own credentials and\n temporarily override the ones currently on the acting thread, whilst\n preventing interference from other threads by holding cred_replace_mutex\n on the thread being dumped.\n\n This will be replaced in a future patch by something that hands down the\n credentials directly to the functions being called, rather than altering\n the task\u0027s objective credentials.\n\n (3) LSM interface.\n\n A number of functions have been changed, added or removed:\n\n (*) security_capset_check(), -\u003ecapset_check()\n (*) security_capset_set(), -\u003ecapset_set()\n\n \t Removed in favour of security_capset().\n\n (*) security_capset(), -\u003ecapset()\n\n \t New. This is passed a pointer to the new creds, a pointer to the old\n \t creds and the proposed capability sets. It should fill in the new\n \t creds or return an error. All pointers, barring the pointer to the\n \t new creds, are now const.\n\n (*) security_bprm_apply_creds(), -\u003ebprm_apply_creds()\n\n \t Changed; now returns a value, which will cause the process to be\n \t killed if it\u0027s an error.\n\n (*) security_task_alloc(), -\u003etask_alloc_security()\n\n \t Removed in favour of security_prepare_creds().\n\n (*) security_cred_free(), -\u003ecred_free()\n\n \t New. Free security data attached to cred-\u003esecurity.\n\n (*) security_prepare_creds(), -\u003ecred_prepare()\n\n \t New. Duplicate any security data attached to cred-\u003esecurity.\n\n (*) security_commit_creds(), -\u003ecred_commit()\n\n \t New. Apply any security effects for the upcoming installation of new\n \t security by commit_creds().\n\n (*) security_task_post_setuid(), -\u003etask_post_setuid()\n\n \t Removed in favour of security_task_fix_setuid().\n\n (*) security_task_fix_setuid(), -\u003etask_fix_setuid()\n\n \t Fix up the proposed new credentials for setuid(). This is used by\n \t cap_set_fix_setuid() to implicitly adjust capabilities in line with\n \t setuid() changes. Changes are made to the new credentials, rather\n \t than the task itself as in security_task_post_setuid().\n\n (*) security_task_reparent_to_init(), -\u003etask_reparent_to_init()\n\n \t Removed. Instead the task being reparented to init is referred\n \t directly to init\u0027s credentials.\n\n\t NOTE! This results in the loss of some state: SELinux\u0027s osid no\n\t longer records the sid of the thread that forked it.\n\n (*) security_key_alloc(), -\u003ekey_alloc()\n (*) security_key_permission(), -\u003ekey_permission()\n\n \t Changed. These now take cred pointers rather than task pointers to\n \t refer to the security context.\n\n (4) sys_capset().\n\n This has been simplified and uses less locking. The LSM functions it\n calls have been merged.\n\n (5) reparent_to_kthreadd().\n\n This gives the current thread the same credentials as init by simply using\n commit_thread() to point that way.\n\n (6) __sigqueue_alloc() and switch_uid()\n\n __sigqueue_alloc() can\u0027t stop the target task from changing its creds\n beneath it, so this function gets a reference to the currently applicable\n user_struct which it then passes into the sigqueue struct it returns if\n successful.\n\n switch_uid() is now called from commit_creds(), and possibly should be\n folded into that. commit_creds() should take care of protecting\n __sigqueue_alloc().\n\n (7) [sg]et[ug]id() and co and [sg]et_current_groups.\n\n The set functions now all use prepare_creds(), commit_creds() and\n abort_creds() to build and check a new set of credentials before applying\n it.\n\n security_task_set[ug]id() is called inside the prepared section. This\n guarantees that nothing else will affect the creds until we\u0027ve finished.\n\n The calling of set_dumpable() has been moved into commit_creds().\n\n Much of the functionality of set_user() has been moved into\n commit_creds().\n\n The get functions all simply access the data directly.\n\n (8) security_task_prctl() and cap_task_prctl().\n\n security_task_prctl() has been modified to return -ENOSYS if it doesn\u0027t\n want to handle a function, or otherwise return the return value directly\n rather than through an argument.\n\n Additionally, cap_task_prctl() now prepares a new set of credentials, even\n if it doesn\u0027t end up using it.\n\n (9) Keyrings.\n\n A number of changes have been made to the keyrings code:\n\n (a) switch_uid_keyring(), copy_keys(), exit_keys() and suid_keys() have\n \t all been dropped and built in to the credentials functions directly.\n \t They may want separating out again later.\n\n (b) key_alloc() and search_process_keyrings() now take a cred pointer\n \t rather than a task pointer to specify the security context.\n\n (c) copy_creds() gives a new thread within the same thread group a new\n \t thread keyring if its parent had one, otherwise it discards the thread\n \t keyring.\n\n (d) The authorisation key now points directly to the credentials to extend\n \t the search into rather pointing to the task that carries them.\n\n (e) Installing thread, process or session keyrings causes a new set of\n \t credentials to be created, even though it\u0027s not strictly necessary for\n \t process or session keyrings (they\u0027re shared).\n\n(10) Usermode helper.\n\n The usermode helper code now carries a cred struct pointer in its\n subprocess_info struct instead of a new session keyring pointer. This set\n of credentials is derived from init_cred and installed on the new process\n after it has been cloned.\n\n call_usermodehelper_setup() allocates the new credentials and\n call_usermodehelper_freeinfo() discards them if they haven\u0027t been used. A\n special cred function (prepare_usermodeinfo_creds()) is provided\n specifically for call_usermodehelper_setup() to call.\n\n call_usermodehelper_setkeys() adjusts the credentials to sport the\n supplied keyring as the new session keyring.\n\n(11) SELinux.\n\n SELinux has a number of changes, in addition to those to support the LSM\n interface changes mentioned above:\n\n (a) selinux_setprocattr() no longer does its check for whether the\n \t current ptracer can access processes with the new SID inside the lock\n \t that covers getting the ptracer\u0027s SID. Whilst this lock ensures that\n \t the check is done with the ptracer pinned, the result is only valid\n \t until the lock is released, so there\u0027s no point doing it inside the\n \t lock.\n\n(12) is_single_threaded().\n\n This function has been extracted from selinux_setprocattr() and put into\n a file of its own in the lib/ directory as join_session_keyring() now\n wants to use it too.\n\n The code in SELinux just checked to see whether a task shared mm_structs\n with other tasks (CLONE_VM), but that isn\u0027t good enough. We really want\n to know if they\u0027re part of the same thread group (CLONE_THREAD).\n\n(13) nfsd.\n\n The NFS server daemon now has to use the COW credentials to set the\n credentials it is going to use. It really needs to pass the credentials\n down to the functions it calls, but it can\u0027t do that until other patches\n in this series have been applied.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "c69e8d9c01db2adc503464993c358901c9af9de4", "tree": "bed94aaa9aeb7a7834d1c880f72b62a11a752c78", "parents": [ "86a264abe542cfececb4df129bc45a0338d8cdb9" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Nov 14 10:39:19 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 14 10:39:19 2008 +1100" }, "message": "CRED: Use RCU to access another task\u0027s creds and to release a task\u0027s own creds\n\nUse RCU to access another task\u0027s creds and to release a task\u0027s own creds.\nThis means that it will be possible for the credentials of a task to be\nreplaced without another task (a) requiring a full lock to read them, and (b)\nseeing deallocated memory.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "b6dff3ec5e116e3af6f537d4caedcad6b9e5082a", "tree": "9e76f972eb7ce9b84e0146c8e4126a3f86acb428", "parents": [ "15a2460ed0af7538ca8e6c610fe607a2cd9da142" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Nov 14 10:39:16 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 14 10:39:16 2008 +1100" }, "message": "CRED: Separate task security context from task_struct\n\nSeparate the task security context from task_struct. At this point, the\nsecurity data is temporarily embedded in the task_struct with two pointers\npointing to it.\n\nNote that the Alpha arch is altered as it refers to (E)UID and (E)GID in\nentry.S via asm-offsets.\n\nWith comment fixes Signed-off-by: Marc Dionne \u003cmarc.c.dionne@gmail.com\u003e\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "76aac0e9a17742e60d408be1a706e9aaad370891", "tree": "e873a000d9c96209726e0958e311f005c13b2ed5", "parents": [ "b103c59883f1ec6e4d548b25054608cb5724453c" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Nov 14 10:39:12 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 14 10:39:12 2008 +1100" }, "message": "CRED: Wrap task credential accesses in the core kernel\n\nWrap access to task credentials so that they can be separated more easily from\nthe task_struct during the introduction of COW creds.\n\nChange most current-\u003e(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().\n\nChange some task-\u003ee?[ug]id to task_e?[ug]id(). In some places it makes more\nsense to use RCU directly rather than a convenient wrapper; these will be\naddressed by later patches.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: linux-audit@redhat.com\nCc: containers@lists.linux-foundation.org\nCc: linux-mm@kvack.org\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "e68b75a027bb94066576139ee33676264f867b87", "tree": "2c31f59a4abe9d7bb3cb75fdf3b57772feeeb6f6", "parents": [ "3fc689e96c0c90b6fede5946d6c31075e9464f69" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 11 21:48:22 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Nov 11 21:48:22 2008 +1100" }, "message": "When the capset syscall is used it is not possible for audit to record the\nactual capbilities being added/removed. This patch adds a new record type\nwhich emits the target pid and the eff, inh, and perm cap sets.\n\nexample output if you audit capset syscalls would be:\n\ntype\u003dSYSCALL msg\u003daudit(1225743140.465:76): arch\u003dc000003e syscall\u003d126 success\u003dyes exit\u003d0 a0\u003d17f2014 a1\u003d17f201c a2\u003d80000000 a3\u003d7fff2ab7f060 items\u003d0 ppid\u003d2160 pid\u003d2223 auid\u003d0 uid\u003d0 gid\u003d0 euid\u003d0 suid\u003d0 fsuid\u003d0 egid\u003d0 sgid\u003d0 fsgid\u003d0 tty\u003dpts0 ses\u003d1 comm\u003d\"setcap\" exe\u003d\"/usr/sbin/setcap\" subj\u003dunconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key\u003d(null)\ntype\u003dUNKNOWN[1322] msg\u003daudit(1225743140.465:76): pid\u003d0 cap_pi\u003dffffffffffffffff cap_pp\u003dffffffffffffffff cap_pe\u003dffffffffffffffff\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "3fc689e96c0c90b6fede5946d6c31075e9464f69", "tree": "5e59b6c607eb595ababa74bad18787cfa49b16e9", "parents": [ "851f7ff56d9c21272f289dd85fb3f1b6cf7a6e10" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 11 21:48:18 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Nov 11 21:48:18 2008 +1100" }, "message": "Any time fcaps or a setuid app under SECURE_NOROOT is used to result in a\nnon-zero pE we will crate a new audit record which contains the entire set\nof known information about the executable in question, fP, fI, fE, fversion\nand includes the process\u0027s pE, pI, pP. Before and after the bprm capability\nare applied. This record type will only be emitted from execve syscalls.\n\nan example of making ping use fcaps instead of setuid:\n\nsetcap \"cat_net_raw+pe\" /bin/ping\n\ntype\u003dSYSCALL msg\u003daudit(1225742021.015:236): arch\u003dc000003e syscall\u003d59 success\u003dyes exit\u003d0 a0\u003d1457f30 a1\u003d14606b0 a2\u003d1463940 a3\u003d321b770a70 items\u003d2 ppid\u003d2929 pid\u003d2963 auid\u003d0 uid\u003d500 gid\u003d500 euid\u003d500 suid\u003d500 fsuid\u003d500 egid\u003d500 sgid\u003d500 fsgid\u003d500 tty\u003dpts0 ses\u003d3 comm\u003d\"ping\" exe\u003d\"/bin/ping\" subj\u003dunconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key\u003d(null)\ntype\u003dUNKNOWN[1321] msg\u003daudit(1225742021.015:236): fver\u003d2 fp\u003d0000000000002000 fi\u003d0000000000000000 fe\u003d1 old_pp\u003d0000000000000000 old_pi\u003d0000000000000000 old_pe\u003d0000000000000000 new_pp\u003d0000000000002000 new_pi\u003d0000000000000000 new_pe\u003d0000000000002000\ntype\u003dEXECVE msg\u003daudit(1225742021.015:236): argc\u003d2 a0\u003d\"ping\" a1\u003d\"127.0.0.1\"\ntype\u003dCWD msg\u003daudit(1225742021.015:236): cwd\u003d\"/home/test\"\ntype\u003dPATH msg\u003daudit(1225742021.015:236): item\u003d0 name\u003d\"/bin/ping\" inode\u003d49256 dev\u003dfd:00 mode\u003d0100755 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003dsystem_u:object_r:ping_exec_t:s0 cap_fp\u003d0000000000002000 cap_fe\u003d1 cap_fver\u003d2\ntype\u003dPATH msg\u003daudit(1225742021.015:236): item\u003d1 name\u003d(null) inode\u003d507915 dev\u003dfd:00 mode\u003d0100755 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003dsystem_u:object_r:ld_so_t:s0\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "851f7ff56d9c21272f289dd85fb3f1b6cf7a6e10", "tree": "42c72104230d93bf785a4cdda1e1ea5895339db0", "parents": [ "c0b004413a46a0a5744e6d2b85220fe9d2c33d48" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 11 21:48:14 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Tue Nov 11 21:48:14 2008 +1100" }, "message": "This patch will print cap_permitted and cap_inheritable data in the PATH\nrecords of any file that has file capabilities set. Files which do not\nhave fcaps set will not have different PATH records.\n\nAn example audit record if you run:\nsetcap \"cap_net_admin+pie\" /bin/bash\n/bin/bash\n\ntype\u003dSYSCALL msg\u003daudit(1225741937.363:230): arch\u003dc000003e syscall\u003d59 success\u003dyes exit\u003d0 a0\u003d2119230 a1\u003d210da30 a2\u003d20ee290 a3\u003d8 items\u003d2 ppid\u003d2149 pid\u003d2923 auid\u003d0 uid\u003d0 gid\u003d0 euid\u003d0 suid\u003d0 fsuid\u003d0 egid\u003d0 sgid\u003d0 fsgid\u003d0 tty\u003dpts0 ses\u003d3 comm\u003d\"ping\" exe\u003d\"/bin/ping\" subj\u003dunconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key\u003d(null)\ntype\u003dEXECVE msg\u003daudit(1225741937.363:230): argc\u003d2 a0\u003d\"ping\" a1\u003d\"www.google.com\"\ntype\u003dCWD msg\u003daudit(1225741937.363:230): cwd\u003d\"/root\"\ntype\u003dPATH msg\u003daudit(1225741937.363:230): item\u003d0 name\u003d\"/bin/ping\" inode\u003d49256 dev\u003dfd:00 mode\u003d0104755 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003dsystem_u:object_r:ping_exec_t:s0 cap_fp\u003d0000000000002000 cap_fi\u003d0000000000002000 cap_fe\u003d1 cap_fver\u003d2\ntype\u003dPATH msg\u003daudit(1225741937.363:230): item\u003d1 name\u003d(null) inode\u003d507915 dev\u003dfd:00 mode\u003d0100755 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003dsystem_u:object_r:ld_so_t:s0\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "dbda4c0b97b18fd59b3964548361b4f92357f730", "tree": "ca7e2827541aec01762f2a9c0e3155aaf49bf0ca", "parents": [ "934e6ebf96e8c1a0f299e64129fdaebc1132a427" ], "author": { "name": "Alan Cox", "email": "alan@redhat.com", "time": "Mon Oct 13 10:40:53 2008 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Oct 13 09:51:42 2008 -0700" }, "message": "tty: Fix abusers of current-\u003esighand-\u003etty\n\nVarious people outside the tty layer still stick their noses in behind the\nscenes. We need to make sure they also obey the locking and referencing rules.\n\nSigned-off-by: Alan Cox \u003calan@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "c4bacefb7aaf49da11a695f29d85d40909f17693", "tree": "f79955a37bab3ebe9942cba292ae560fb281c8bf", "parents": [ "bef69ea0dcce574a425feb0a5aa4c63dd108b9a6" ], "author": { "name": "Cordelia", "email": "cordsam@linux.vnet.ibm.com", "time": "Mon Aug 18 09:45:51 2008 -0700" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Sep 01 23:06:45 2008 -0400" }, "message": "[PATCH] audit: Moved variable declaration to beginning of function\n\ngot rid of compilation warning:\nISO C90 forbids mixed declarations and code\n\nSigned-off-by: Cordelia Sam \u003ccordesam@gmail.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "1a61c88defcd611bd148d6c960b498e1b8bbbe00", "tree": "8b8d84cb828caabd61d849967b3a6f8de6df2b66", "parents": [ "2b12a4c524812fb3f6ee590a02e65b95c8c32229" ], "author": { "name": "zhangxiliang", "email": "zhangxiliang@cn.fujitsu.com", "time": "Sat Aug 02 10:56:37 2008 +0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Aug 04 06:13:50 2008 -0400" }, "message": "Re: [PATCH] Fix the kernel panic of audit_filter_task when key field is set\n\nSorry, I miss a blank between if and \"(\".\nAnd I add \"unlikely\" to check \"ctx\" in audit_match_perm() and audit_match_filetype().\nThis is a new patch for it.\n\nSigned-off-by: Zhang Xiliang \u003czhangxiliang@cn.fujitsu.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "980dfb0db340b95094732d78b55311f2c539c1af", "tree": "7235e21116a0958591adeaec4e51734cc224094e", "parents": [ "036bbf76ad9f83781590623111b80ba0b82930ac" ], "author": { "name": "zhangxiliang", "email": "zhangxiliang@cn.fujitsu.com", "time": "Fri Aug 01 19:15:47 2008 +0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Aug 01 12:15:03 2008 -0400" }, "message": "[PATCH] Fix the kernel panic of audit_filter_task when key field is set\n\nWhen calling audit_filter_task(), it calls audit_filter_rules() with audit_context is NULL.\nIf the key field is set, the result in audit_filter_rules() will be set to 1 and\nctx-\u003efilterkey will be set to key.\nBut the ctx is NULL in this condition, so kernel will panic.\n\nSigned-off-by: Zhang Xiliang \u003czhangxiliang@cn.fujitsu.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "ee1d315663ee0b494898f813a266d6244b263b4f", "tree": "f9bf6dcacaf105431641469089e20516dd403fc5", "parents": [ "94ad374a0751f40d25e22e036c37f7263569d24c" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jul 07 10:49:45 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Aug 01 12:05:32 2008 -0400" }, "message": "[PATCH] Audit: Collect signal info when SIGUSR2 is sent to auditd\n\nMakes the kernel audit subsystem collect information about the sending\nprocess when that process sends SIGUSR2 to the userspace audit daemon.\nSIGUSR2 is a new interesting signal to auditd telling auditd that it\nshould try to start logging to disk again and the error condition which\ncaused it to stop logging to disk (usually out of space) has been\nrectified.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "86a1c34a929f30fde8ad01ea8245df61ddcf58b7", "tree": "c4983e33488c66d3fcccad07b87b27f1bd2e6841", "parents": [ "15e8f348db372dec21229fda5d52ae6ee7e64666" ], "author": { "name": "Roland McGrath", "email": "roland@redhat.com", "time": "Mon Jun 23 15:37:04 2008 -0700" }, "committer": { "name": "Roland McGrath", "email": "roland@redhat.com", "time": "Wed Jul 23 17:47:32 2008 -0700" }, "message": "x86_64 syscall audit fast-path\n\nThis adds a fast path for 64-bit syscall entry and exit when\nTIF_SYSCALL_AUDIT is set, but no other kind of syscall tracing.\nThis path does not need to save and restore all registers as\nthe general case of tracing does. Avoiding the iret return path\nwhen syscall audit is enabled helps performance a lot.\n\nSigned-off-by: Roland McGrath \u003croland@redhat.com\u003e\n" }, { "commit": "8b67dca9420474623709e00d72a066068a502b20", "tree": "9d4dc19d849dd23cf00cee0851fd402062cdf1ea", "parents": [ "4a761b8c1d7a3a4ee7ccf92ce255d986f601e067" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 04:15:49 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:28:37 2008 -0400" }, "message": "[PATCH] new predicate - AUDIT_FILETYPE\n\nArgument is S_IF... | \u003cindex\u003e, where index is normally 0 or 1.\nTriggers if chosen element of ctx-\u003enames[] is present and the\nmode of object in question matches the upper bits of argument.\nI.e. for things like \"is the argument of that chmod a directory\",\netc.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "7719e437fac119e57b17588bab3a8e39ff9d22eb", "tree": "56b08aec09225ac5587d9d8b7fee089181e26d25", "parents": [ "c782f242f0602edf848355d41e3676753c2280c8" ], "author": { "name": "Harvey Harrison", "email": "harvey.harrison@gmail.com", "time": "Sun Apr 27 02:39:56 2008 -0700" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:28:17 2008 -0400" }, "message": "[PATCH 2/2] audit: fix sparse shadowed variable warnings\n\nUse msglen as the identifier.\nkernel/audit.c:724:10: warning: symbol \u0027len\u0027 shadows an earlier one\nkernel/audit.c:575:8: originally declared here\n\nDon\u0027t use ino_f to check the inode field at the end of the functions.\nkernel/auditfilter.c:429:22: warning: symbol \u0027f\u0027 shadows an earlier one\nkernel/auditfilter.c:420:21: originally declared here\nkernel/auditfilter.c:542:22: warning: symbol \u0027f\u0027 shadows an earlier one\nkernel/auditfilter.c:529:21: originally declared here\n\ni always used as a counter for a for loop and initialized to zero before\nuse. Eliminate the inner i variables.\nkernel/auditsc.c:1295:8: warning: symbol \u0027i\u0027 shadows an earlier one\nkernel/auditsc.c:1152:6: originally declared here\nkernel/auditsc.c:1320:7: warning: symbol \u0027i\u0027 shadows an earlier one\nkernel/auditsc.c:1152:6: originally declared here\n\nSigned-off-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "c782f242f0602edf848355d41e3676753c2280c8", "tree": "e7c40c0cb99b64e6874b5e9d2602ff10b9a6597b", "parents": [ "0ef1970d7fcee1b4cb33c5017803e9039bf42db2" ], "author": { "name": "Harvey Harrison", "email": "harvey.harrison@gmail.com", "time": "Sun Apr 27 02:39:17 2008 -0700" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:28:04 2008 -0400" }, "message": "[PATCH 1/2] audit: move extern declarations to audit.h\n\nLeave audit_sig_{uid|pid|sid} protected by #ifdef CONFIG_AUDITSYSCALL.\n\nNoticed by sparse:\nkernel/audit.c:73:6: warning: symbol \u0027audit_ever_enabled\u0027 was not declared. Should it be static?\nkernel/audit.c:100:8: warning: symbol \u0027audit_sig_uid\u0027 was not declared. Should it be static?\nkernel/audit.c:101:8: warning: symbol \u0027audit_sig_pid\u0027 was not declared. Should it be static?\nkernel/audit.c:102:6: warning: symbol \u0027audit_sig_sid\u0027 was not declared. Should it be static?\nkernel/audit.c:117:23: warning: symbol \u0027audit_ih\u0027 was not declared. Should it be static?\nkernel/auditfilter.c:78:18: warning: symbol \u0027audit_filter_list\u0027 was not declared. Should it be static?\n\nSigned-off-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "b556f8ad58c6e9f8f485c8cef7546e3fc82c382a", "tree": "e7a1c5ce313b6dec9727d69b08b5005dc35709a3", "parents": [ "f09ac9db2aafe36fde9ebd63c8c5d776f6e7bd41" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 10:12:59 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:19:22 2008 -0400" }, "message": "Audit: standardize string audit interfaces\n\nThis patch standardized the string auditing interfaces. No userspace\nchanges will be visible and this is all just cleanup and consistancy\nwork. We have the following string audit interfaces to use:\n\nvoid audit_log_n_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len);\n\nvoid audit_log_n_string(struct audit_buffer *ab, const char *buf, size_t n);\nvoid audit_log_string(struct audit_buffer *ab, const char *buf);\n\nvoid audit_log_n_untrustedstring(struct audit_buffer *ab, const char *string, size_t n);\nvoid audit_log_untrustedstring(struct audit_buffer *ab, const char *string);\n\nThis may be the first step to possibly fixing some of the issues that\npeople have with the string output from the kernel audit system. But we\nstill don\u0027t have an agreed upon solution to that problem.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "436c405c7d19455a71f42c9bec5fd5e028f1eb4e", "tree": "dac0f1c83fc2be2c49e8df5f6366a128758bb42e", "parents": [ "064922a805ec7aadfafdd27aa6b4908d737c3c1d" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 18 10:01:04 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 04:45:07 2008 -0400" }, "message": "Audit: end printk with newline\n\nA couple of audit printk statements did not have a newline.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "04305e4aff8b0533dc05f9f6f1a34d0796bd985f", "tree": "9938264917b4b9e6e147b883d88fca94c6788b76", "parents": [ "9d57a7f9e23dc30783d245280fc9907cf2c87837" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Sat Apr 19 09:59:43 2008 +1000" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Apr 19 09:59:43 2008 +1000" }, "message": "Audit: Final renamings and cleanup\n\nRename the se_str and se_rule audit fields elements to\nlsm_str and lsm_rule to avoid confusion.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d7a96f3a1ae279a2129653d6cb18d722f2f00f91", "tree": "fc38736f303133f80912f1640f2d4fac0027fe04", "parents": [ "03d37d25e0f91b28c4b6d002be6221f1af4b19d8" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Sat Mar 01 22:01:11 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Apr 19 09:52:37 2008 +1000" }, "message": "Audit: internally use the new LSM audit hooks\n\nConvert Audit to use the new LSM Audit hooks instead of\nthe exported SELinux interface.\n\nBasically, use:\nsecurity_audit_rule_init\nsecuirty_audit_rule_free\nsecurity_audit_rule_known\nsecurity_audit_rule_match\n\ninstad of (respectively) :\nselinux_audit_rule_init\nselinux_audit_rule_free\naudit_rule_has_selinux\nselinux_audit_rule_match\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "2a862b32f3da5a2120043921ad301322ad526084", "tree": "bb97054b2f648504f670e3eaed2626b547c4d081", "parents": [ "713a04aeaba35bb95d442cdeb52055498519be25" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Sat Mar 01 21:54:38 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Apr 19 09:52:34 2008 +1000" }, "message": "Audit: use new LSM hooks instead of SELinux exports\n\nStop using the following exported SELinux interfaces:\nselinux_get_inode_sid(inode, sid)\nselinux_get_ipc_sid(ipcp, sid)\nselinux_get_task_sid(tsk, sid)\nselinux_sid_to_string(sid, ctx, len)\nkfree(ctx)\n\nand use following generic LSM equivalents respectively:\nsecurity_inode_getsecid(inode, secid)\nsecurity_ipc_getsecid*(ipcp, secid)\nsecurity_task_getsecid(tsk, secid)\nsecurity_sid_to_secctx(sid, ctx, len)\nsecurity_release_secctx(ctx, len)\n\nCall security_release_secctx only if security_secid_to_secctx\nsucceeded.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nReviewed-by: Paul Moore \u003cpaul.moore@hp.com\u003e\n" }, { "commit": "422b03cf75e11dfdfb29b0f19709bac585335f86", "tree": "16cecc0fe134f019159d704760d0277febe60d01", "parents": [ "d395991c117d43bfca97101a931a41d062a93852" ], "author": { "name": "Paul Moore", "email": "paul.moore@hp.com", "time": "Wed Feb 27 10:39:22 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Mar 01 07:16:06 2008 -0500" }, "message": "[PATCH] Audit: Fix the format type for size_t variables\n\nFix the following compiler warning by using \"%zu\" as defined in C99.\n\n CC kernel/auditsc.o\n kernel/auditsc.c: In function \u0027audit_log_single_execve_arg\u0027:\n kernel/auditsc.c:1074: warning: format \u0027%ld\u0027 expects type \u0027long int\u0027, but\n argument 4 has type \u0027size_t\u0027\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "b0abcfc14605b2a8c686bd8e193ab05b01a7980b", "tree": "cb07f92693df0135ac546b965b909b48d7645dde", "parents": [ "f702c5815696bfca095cc1173fff6995c4d39844" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Feb 18 18:23:16 2008 -0500" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Feb 18 18:46:28 2008 -0800" }, "message": "Audit: use \u003d\u003d not \u003d in if statements\n\nClearly this was supposed to be an \u003d\u003d not an \u003d in the if statement.\nThis patch also causes us to stop processing execve args once we have\nfailed rather than continuing to loop on failure over and over and over.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "44707fdf5938ad269ea5d6c5744d82f6a7328746", "tree": "7eb1704418eb41b859ad24bc48f6400135474d87", "parents": [ "a03a8a709a0c34b61b7aea1d54a0473a6b941fdb" ], "author": { "name": "Jan Blunck", "email": "jblunck@suse.de", "time": "Thu Feb 14 19:38:33 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Feb 14 21:17:08 2008 -0800" }, "message": "d_path: Use struct path in struct avc_audit_data\n\naudit_log_d_path() is a d_path() wrapper that is used by the audit code. To\nuse a struct path in audit_log_d_path() I need to embed it into struct\navc_audit_data.\n\n[akpm@linux-foundation.org: coding-style fixes]\nSigned-off-by: Jan Blunck \u003cjblunck@suse.de\u003e\nAcked-by: Christoph Hellwig \u003chch@infradead.org\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: \"J. Bruce Fields\" \u003cbfields@fieldses.org\u003e\nCc: Neil Brown \u003cneilb@suse.de\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "6ac08c39a16f72c2d3e845cb6849a1392fa03e80", "tree": "d7603571e9ab3ea4b57b7901211320e48d0c5ed8", "parents": [ "5dd784d04924be5d8bc066aded0ec3274b20e612" ], "author": { "name": "Jan Blunck", "email": "jblunck@suse.de", "time": "Thu Feb 14 19:34:38 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Feb 14 21:13:33 2008 -0800" }, "message": "Use struct path in fs_struct\n\n* Use struct path in fs_struct.\n\nSigned-off-by: Andreas Gruenbacher \u003cagruen@suse.de\u003e\nSigned-off-by: Jan Blunck \u003cjblunck@suse.de\u003e\nAcked-by: Christoph Hellwig \u003chch@lst.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "b593d384efcff7bdf6beb1bc1bc69927977aee26", "tree": "9055ef0decc84dcbf0da67135535f0746e602e8e", "parents": [ "50397bd1e471391d27f64efad9271459c913de87" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 08 17:38:31 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:24:45 2008 -0500" }, "message": "[AUDIT] create context if auditing was ever enabled\n\nDisabling audit at runtime by auditctl doesn\u0027t mean that we can\nstop allocating contexts for new processes; we don\u0027t want to miss them\nwhen that sucker is reenabled.\n\n(based on work from Al Viro in the RHEL kernel series)\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "de6bbd1d30e5912620d25dd15e3f180ac7f9fcef", "tree": "3807b13f8e2e490c258c5bb37915c95fc1bcfe20", "parents": [ "e445deb593d67c8ed13bd357c780a93d78bc84cf" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 07 14:31:58 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:23:55 2008 -0500" }, "message": "[AUDIT] break large execve argument logging into smaller messages\n\nexecve arguments can be quite large. There is no limit on the number of\narguments and a 4G limit on the size of an argument.\n\nthis patch prints those aruguments in bite sized pieces. a userspace size\nlimitation of 8k was discovered so this keeps messages around 7.5k\n\nsingle arguments larger than 7.5k in length are split into multiple records\nand can be identified as aX[Y]\u003d\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "6246ccab99093a562044596dd868213caa0b2b4c", "tree": "b373e388bd35549a540ce8693cceeea3660d02e1", "parents": [ "c0641f28dcbecb6dc34a4fd003a9947fcd080696" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 07 14:01:18 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:07:46 2008 -0500" }, "message": "[AUDIT] do not panic on exclude messages in audit_log_pid_context()\n\nIf we fail to get an ab in audit_log_pid_context this may be due to an exclude\nrule rather than a memory allocation failure. If it was due to a memory\nallocation failue we would have already paniced and no need to do it again.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "c0641f28dcbecb6dc34a4fd003a9947fcd080696", "tree": "75cc2700afe2e83834895e7f45c7f663faf2e034", "parents": [ "4746ec5b01ed07205a91e4f7ed9de9d70f371407" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 07 13:49:15 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:07:19 2008 -0500" }, "message": "[AUDIT] Add End of Event record\n\nThis patch adds an end of event record type. It will be sent by the kernel as\nthe last record when a multi-record event is triggered. This will aid realtime\nanalysis programs since they will now reliably know they have the last record\nto complete an event. The audit daemon filters this and will not write it to\ndisk.\n\nSigned-off-by: Steve Grubb \u003csgrubb redhat com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "4746ec5b01ed07205a91e4f7ed9de9d70f371407", "tree": "7a3a836b6178ccab24801e90b69c1159b2c23099", "parents": [ "c2a7780efe37d01bdb3facc85a94663e6d67d4a8" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 08 10:06:53 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:06:51 2008 -0500" }, "message": "[AUDIT] add session id to audit messages\n\nIn order to correlate audit records to an individual login add a session\nid. This is incremented every time a user logs in and is included in\nalmost all messages which currently output the auid. The field is\nlabeled ses\u003d or oses\u003d\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "c2a7780efe37d01bdb3facc85a94663e6d67d4a8", "tree": "a7e30dcb7bfb386c84de9918dcfa92381675d59f", "parents": [ "f701b75ed5ffb6820efe530d1a3abcc6fc4678ad" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 07 13:40:17 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:06:23 2008 -0500" }, "message": "[AUDIT] collect uid, loginuid, and comm in OBJ_PID records\n\nAdd uid, loginuid, and comm collection to OBJ_PID records. This just\ngives users a little more information about the task that received a\nsignal. pid is rather meaningless after the fact, and even though comm\nisn\u0027t great we can\u0027t collect exe reasonably on this code path for\nperformance reasons.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "f701b75ed5ffb6820efe530d1a3abcc6fc4678ad", "tree": "46036f5e1b2703f6f9073a4a1469e3c5a611083e", "parents": [ "bfef93a5d1fb5654fe2025276c55e202d10b5255" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 07 13:34:51 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:05:55 2008 -0500" }, "message": "[AUDIT] return EINTR not ERESTART*\n\nThe syscall exit code will change ERESTART* kernel internal return codes\nto EINTR if it does not restart the syscall. Since we collect the audit\ninfo before that point we should fix those in the audit log as well.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "bfef93a5d1fb5654fe2025276c55e202d10b5255", "tree": "573d8153c5d5216b0c4007b652286eeddd3c0987", "parents": [ "0c11b9428f619ab377c92eff2f160a834a6585dd" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Jan 10 04:53:18 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:05:28 2008 -0500" }, "message": "[PATCH] get rid of loginuid races\n\nKeeping loginuid in audit_context is racy and results in messier\ncode. Taken to task_struct, out of the way of -\u003eaudit_context\nchanges.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "0c11b9428f619ab377c92eff2f160a834a6585dd", "tree": "35b573715ad5730a77d067486838345132771a7a", "parents": [ "24e1c13c93cbdd05e4b7ea921c0050b036555adc" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Jan 10 04:20:52 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Feb 01 14:04:59 2008 -0500" }, "message": "[PATCH] switch audit_get_loginuid() to task_struct *\n\nall callers pass something-\u003eaudit_context\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "481968f44e81aac3b1b4863baf2c497ec46388f6", "tree": "7d09ab4c43956a170ba26eb963d9111e33acb1ae", "parents": [ "e95d9c6b046f665da551a51b4071902336a6118c" ], "author": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Sun Oct 21 20:59:53 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Oct 22 19:40:02 2007 -0700" }, "message": "auditsc: fix kernel-doc param warnings\n\nFix kernel-doc for auditsc parameter changes.\n\nWarning(linux-2.6.23-git17//kernel/auditsc.c:1623): No description found for parameter \u0027dentry\u0027\nWarning(linux-2.6.23-git17//kernel/auditsc.c:1666): No description found for parameter \u0027dentry\u0027\n\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "74c3cbe33bc077ac1159cadfea608b501e100344", "tree": "4c4023caa4e15d19780255fa5880df3d36eb292c", "parents": [ "455434d450a358ac5bcf3fc58f8913d13c544622" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jul 22 08:04:18 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Oct 21 02:37:45 2007 -0400" }, "message": "[PATCH] audit: watching subtrees\n\nNew kind of audit rule predicates: \"object is visible in given subtree\".\nThe part that can be sanely implemented, that is. Limitations:\n\t* if you have hardlink from outside of tree, you\u0027d better watch\nit too (or just watch the object itself, obviously)\n\t* if you mount something under a watched tree, tell audit\nthat new chunk should be added to watched subtrees\n\t* if you umount something in a watched tree and it\u0027s still mounted\nelsewhere, you will get matches on events happening there. New command\ntells audit to recalculate the trees, trimming such sources of false\npositives.\n\nNote that it\u0027s _not_ about path - if something mounted in several places\n(multiple mount, bindings, different namespaces, etc.), the match does\n_not_ depend on which one we are using for access.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "5a190ae69766da9a34bf31200c5cea4c0667cf94", "tree": "340c500fe42518abe6d1159a00619b1bd02f07fc", "parents": [ "cfa76f024f7c9e65169425804e5b32e71f66d0ee" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Jun 07 12:19:32 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Oct 21 02:37:18 2007 -0400" }, "message": "[PATCH] pass dentry to audit_inode()/audit_inode_child()\n\nmakes caller simpler *and* allows to scan ancestors\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "9f8dbe9c9ccd847b07a374f92f3c71251e5789cf", "tree": "187542cab2b08bdc97a29ef11efba7c2de5a1eb6", "parents": [ "314f70fd967064c7fa0734908f5feae6ac2831a9" ], "author": { "name": "Daniel Walker", "email": "dwalker@mvista.com", "time": "Thu Oct 18 03:06:09 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Oct 18 14:37:25 2007 -0700" }, "message": "whitespace fixes: syscall auditing\n\nSigned-off-by: Daniel Walker \u003cdwalker@mvista.com\u003e\nCc: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "a9022e9cb9e919e31d5bc15fcef5c7186740645e", "tree": "48aea98aec8d9822155b2054bc60f9142f478769", "parents": [ "ea0b7d5da0024df1c6f2c2139dbeb4fd260baac6" ], "author": { "name": "Jesper Juhl", "email": "jesper.juhl@gmail.com", "time": "Tue Oct 16 23:26:23 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Oct 17 08:42:48 2007 -0700" }, "message": "Clean up duplicate includes in kernel/\n\nThis patch cleans up duplicate includes in\n\tkernel/\n\nSigned-off-by: Jesper Juhl \u003cjesper.juhl@gmail.com\u003e\nAcked-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nReviewed-by: Satyam Sharma \u003cssatyam@cse.iitk.ac.in\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "50e437d522a6cc34a882b2f740297f1b6b4c3af3", "tree": "6026dbb5014495aa9f847a342b8f96c87aabd4ef", "parents": [ "7b159fc18d417980f57aef64cab3417ee6af70f8" ], "author": { "name": "Trond Myklebust", "email": "Trond.Myklebust@netapp.com", "time": "Thu Jun 07 22:44:34 2007 -0400" }, "committer": { "name": "Trond Myklebust", "email": "Trond.Myklebust@netapp.com", "time": "Tue Oct 09 17:15:26 2007 -0400" }, "message": "SUNRPC: Convert rpc_pipefs to use the generic filesystem notification hooks\n\nThis will allow rpc.gssd to use inotify instead of dnotify in order to\nlocate new rpc upcall pipes.\n\nThis also requires the exporting of __audit_inode_child(), which is used by\nfsnotify_create() and fsnotify_mkdir(). Ccing David Woodhouse.\n\nCc: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Trond Myklebust \u003cTrond.Myklebust@netapp.com\u003e\n" }, { "commit": "88ae704c2aba150372e3d5c2f017c816773d09a7", "tree": "a275e81c2fb7411d77be1b71e3d873d68e6acea2", "parents": [ "8e81cc13a88ce486a6b0a6ca56aba6985824917a" ], "author": { "name": "Adrian Bunk", "email": "bunk@stusta.de", "time": "Wed Aug 22 14:01:05 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Aug 22 19:52:44 2007 -0700" }, "message": "kernel/auditsc.c: fix an off-by-one\n\nThis patch fixes an off-by-one in a BUG_ON() spotted by the Coverity\nchecker.\n\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nCc: Amy Griffis \u003camy.griffis@hp.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "175fc484256e9c85e043f599ec2f6bc0d2e6c443", "tree": "e9a485aaa0810cb85f1198579596f9bd46d5e7c0", "parents": [ "9dc83afdbefd184bf29f347e8fcbb6d8a2b5e6fe" ], "author": { "name": "Al Viro", "email": "viro@ftp.linux.org.uk", "time": "Wed Aug 08 00:01:46 2007 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Aug 07 19:58:56 2007 -0700" }, "message": "fix oops in __audit_signal_info()\n\n\tThe check for audit_signals is misplaced and the check for\naudit_dummy_context() is missing; as the result, if we send a signal to\nauditd from task with NULL -\u003eaudit_context while we have audit_signals\n!\u003d 0 we end up with an oops.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "040b3a2df2dd26c3e401823f3b0ce3fe99e966c5", "tree": "dbf88e0023db86669e775ed2ab4c5fb55186ffe0", "parents": [ "0af3678f7c5872836d1cc8d7c659abd62c3c5ae7" ], "author": { "name": "Peter Zijlstra", "email": "a.p.zijlstra@chello.nl", "time": "Sat Jul 28 00:55:18 2007 +0200" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Sat Jul 28 19:42:22 2007 -0700" }, "message": "audit: fix two bugs in the new execve audit code\n\ncopy_from_user() returns the number of bytes not copied, hence 0 is the\nexpected output.\n\naxi-\u003emm might not be valid anymore when not equal to current-\u003emm, do not\ndereference before checking that - thanks to Al for spotting that.\n\nSigned-off-by: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nTested-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "4259fa01a2d2aa3e589b34ba7624080232d9c1ff", "tree": "3aa83d784c4db22f3b62e4d963757497555c5e5c", "parents": [ "74f2345b6be1410f824cb7dd638d2c10a9709379" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Jun 07 11:13:31 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jul 22 09:57:02 2007 -0400" }, "message": "[PATCH] get rid of AVC_PATH postponed treatment\n\n Selinux folks had been complaining about the lack of AVC_PATH\nrecords when audit is disabled. I must admit my stupidity - I assumed\nthat avc_audit() really couldn\u0027t use audit_log_d_path() because of\ndeadlocks (\u003d\u003d could be called with dcache_lock or vfsmount_lock held).\nShouldn\u0027t have made that assumption - it never gets called that way.\nIt _is_ called under spinlocks, but not those.\n\n Since audit_log_d_path() uses ab-\u003egfp_mask for allocations,\nkmalloc() in there is not a problem. IOW, the simple fix is sufficient:\nlet\u0027s rip AUDIT_AVC_PATH out and simply generate pathname as part of main\nrecord. It\u0027s trivial to do.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "5b9a4262232d632c28990fcdf4f36d0e0ade5f18", "tree": "1ced97f3605de37877045747cc4bb37c0c759509", "parents": [ "d7fff6f4d1ed1bc31577df887fefcb1541923367" ], "author": { "name": "Steve Grubb", "email": "sgrubb@redhat.com", "time": "Tue May 29 10:38:18 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jul 22 09:57:02 2007 -0400" }, "message": "[PATCH] Make IPC mode consistent\n\nThe mode fields for IPC records are not consistent. Some are hex, others are\noctal. This patch makes them all octal.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "b6a2fea39318e43fee84fa7b0b90d68bed92d2ba", "tree": "c9c3619cb2730b5c10c7427b837146bce3d69156", "parents": [ "bdf4c48af20a3b0f01671799ace345e3d49576da" ], "author": { "name": "Ollie Wild", "email": "aaw@google.com", "time": "Thu Jul 19 01:48:16 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Jul 19 10:04:45 2007 -0700" }, "message": "mm: variable length argument support\n\nRemove the arg+env limit of MAX_ARG_PAGES by copying the strings directly from\nthe old mm into the new mm.\n\nWe create the new mm before the binfmt code runs, and place the new stack at\nthe very top of the address space. Once the binfmt code runs and figures out\nwhere the stack should be, we move it downwards.\n\nIt is a bit peculiar in that we have one task with two mm\u0027s, one of which is\ninactive.\n\n[a.p.zijlstra@chello.nl: limit stack size]\nSigned-off-by: Ollie Wild \u003caaw@google.com\u003e\nSigned-off-by: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nCc: \u003clinux-arch@vger.kernel.org\u003e\nCc: Hugh Dickins \u003chugh@veritas.com\u003e\n[bunk@stusta.de: unexport bprm_mm_init]\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "bdf4c48af20a3b0f01671799ace345e3d49576da", "tree": "7c3b903d2de1cba6e212ad6f347bc8742b08035a", "parents": [ "b111757c50ee30dad162192df6168e270a90c252" ], "author": { "name": "Peter Zijlstra", "email": "a.p.zijlstra@chello.nl", "time": "Thu Jul 19 01:48:15 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Jul 19 10:04:45 2007 -0700" }, "message": "audit: rework execve audit\n\nThe purpose of audit_bprm() is to log the argv array to a userspace daemon at\nthe end of the execve system call. Since user-space hasn\u0027t had time to run,\nthis array is still in pristine state on the process\u0027 stack; so no need to\ncopy it, we can just grab it from there.\n\nIn order to minimize the damage to audit_log_*() copy each string into a\ntemporary kernel buffer first.\n\nCurrently the audit code requires that the full argument vector fits in a\nsingle packet. So currently it does clip the argv size to a (sysctl) limit,\nbut only when execve auditing is enabled.\n\nIf the audit protocol gets extended to allow for multiple packets this check\ncan be removed.\n\nSigned-off-by: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nSigned-off-by: Ollie Wild \u003caaw@google.com\u003e\nCc: \u003clinux-audit@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "6d9525b52aecd11b14c4ec982add01c11157172f", "tree": "7664b09fdf09adb656e865a055cc2f2532919b77", "parents": [ "dcf5008db171211e3c34c060cacfd788306b034b" ], "author": { "name": "Henrik Kretzschmar", "email": "henne@nachtwindheim.de", "time": "Sun Jul 15 23:41:10 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jul 16 09:05:48 2007 -0700" }, "message": "kerneldoc fix in audit_core_dumps\n\nFix parameter name in audit_core_dumps for kerneldoc.\n\nSigned-off-by: Henrik Kretzschmar \u003chenne@nachtwindheim.de\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "522ed7767e800cff6c650ec64b0ee0677303119c", "tree": "f65ecb29f2cf885018d3557f840de3ef4be6ec64", "parents": [ "4f27c00bf80f122513d3a5be16ed851573164534" ], "author": { "name": "Miloslav Trmac", "email": "mitr@redhat.com", "time": "Sun Jul 15 23:40:56 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jul 16 09:05:47 2007 -0700" }, "message": "Audit: add TTY input auditing\n\nAdd TTY input auditing, used to audit system administrator\u0027s actions. This is\nrequired by various security standards such as DCID 6/3 and PCI to provide\nnon-repudiation of administrator\u0027s actions and to allow a review of past\nactions if the administrator seems to overstep their duties or if the system\nbecomes misconfigured for unknown reasons. These requirements do not make it\nnecessary to audit TTY output as well.\n\nCompared to an user-space keylogger, this approach records TTY input using the\naudit subsystem, correlated with other audit events, and it is completely\ntransparent to the user-space application (e.g. the console ioctls still\nwork).\n\nTTY input auditing works on a higher level than auditing all system calls\nwithin the session, which would produce an overwhelming amount of mostly\nuseless audit events.\n\nAdd an \"audit_tty\" attribute, inherited across fork (). Data read from TTYs\nby process with the attribute is sent to the audit subsystem by the kernel.\nThe audit netlink interface is extended to allow modifying the audit_tty\nattribute, and to allow sending explanatory audit events from user-space (for\nexample, a shell might send an event containing the final command, after the\ninteractive command-line editing and history expansion is performed, which\nmight be difficult to decipher from the TTY input alone).\n\nBecause the \"audit_tty\" attribute is inherited across fork (), it would be set\ne.g. for sshd restarted within an audited session. To prevent this, the\naudit_tty attribute is cleared when a process with no open TTY file\ndescriptors (e.g. after daemon startup) opens a TTY.\n\nSee https://www.redhat.com/archives/linux-audit/2007-June/msg00000.html for a\nmore detailed rationale document for an older version of this patch.\n\n[akpm@linux-foundation.org: build fix]\nSigned-off-by: Miloslav Trmac \u003cmitr@redhat.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Alan Cox \u003calan@lxorguk.ukuu.org.uk\u003e\nCc: Paul Fulghum \u003cpaulkf@microgate.com\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "0a4ff8c2598b72f2fa9d50aae9e1809e684dbf41", "tree": "309f2b2b5874692302862534cd9052a1d96018ba", "parents": [ "5712e88f2b0f626a4857c24128810bbf8ce09537" ], "author": { "name": "Steve Grubb", "email": "sgrubb@redhat.com", "time": "Thu Apr 19 10:28:21 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 11 05:38:26 2007 -0400" }, "message": "[PATCH] Abnormal End of Processes\n\nHi,\n\nI have been working on some code that detects abnormal events based on audit\nsystem events. One kind of event that we currently have no visibility for is\nwhen a program terminates due to segfault - which should never happen on a\nproduction machine. And if it did, you\u0027d want to investigate it. Attached is a\npatch that collects these events and sends them into the audit system.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "5712e88f2b0f626a4857c24128810bbf8ce09537", "tree": "1285a3e632e6c3d6dfecc2c3445770a559c712ca", "parents": [ "4fc03b9beb2314f3adb9e72b7935a80c577954d1" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Tue Feb 13 14:15:22 2007 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 11 05:38:26 2007 -0400" }, "message": "[PATCH] match audit name data\n\nMake more effort to detect previously collected names, so we don\u0027t log\nmultiple PATH records for a single filesystem object. Add\naudit_inc_name_count() to reduce duplicate code.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "4fc03b9beb2314f3adb9e72b7935a80c577954d1", "tree": "81e04534c582923fcdc8212497d1487ddae412a8", "parents": [ "510f4006e7a82b37b53c17bbe64ec20f3a59302b" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Tue Feb 13 14:15:01 2007 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 11 05:38:26 2007 -0400" }, "message": "[PATCH] complete message queue auditing\n\nHandle the edge cases for POSIX message queue auditing. Collect inode\ninfo when opening an existing mq, and for send/receive operations. Remove\naudit_inode_update() as it has really evolved into the equivalent of\naudit_inode().\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "e41e8bde43026d5d2e41464e6105a50b31e34102", "tree": "1ba5c647ce69db81d327b0024294445a449cf1c0", "parents": [ "e54dc2431d740a79a6bd013babade99d71b1714f" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Tue Feb 13 14:14:09 2007 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 11 05:38:25 2007 -0400" }, "message": "[PATCH] initialize name osid\n\nAudit contexts can be reused, so initialize a name\u0027s osid to the\ndefault in audit_getname(). This ensures we don\u0027t log a bogus object\nlabel when no inode data is collected for a name.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "e54dc2431d740a79a6bd013babade99d71b1714f", "tree": "16b0990d5c16946239a17b332f54b5918fb03305", "parents": [ "7f13da40e36c84d0d046b7adbd060af7d3717250" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Thu Mar 29 18:01:04 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 11 05:38:25 2007 -0400" }, "message": "[PATCH] audit signal recipients\n\nWhen auditing syscalls that send signals, log the pid and security\ncontext for each target process. Optimize the data collection by\nadding a counter for signal-related rules, and avoiding allocating an\naux struct unless we have more than one target process. For process\ngroups, collect pid/context data in blocks of 16. Move the\naudit_signal_info() hook up in check_kill_permission() so we audit\nattempts where permission is denied.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "a5cb013da773a67ee48d1c19e96436c22a73a7eb", "tree": "8832d105c4742674423bd50352b8a4805c44fecc", "parents": [ "129a84de2347002f09721cda3155ccfd19fade40" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Mar 20 13:58:35 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 11 05:38:25 2007 -0400" }, "message": "[PATCH] auditing ptrace\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "c4823bce033be74c0fcfbcae2f1be0854fdc2e18", "tree": "a37dce7574167fc3639b70bab2626bbf8eb896e3", "parents": [ "baab1087c61d4506f2c9f4cdb7da162160de16c2" ], "author": { "name": "Al Viro", "email": "viro@ftp.linux.org.uk", "time": "Mon Mar 12 16:17:42 2007 +0000" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Mar 14 15:27:48 2007 -0700" }, "message": "[PATCH] fix deadlock in audit_log_task_context()\n\nGFP_KERNEL allocations in non-blocking context; fixed by killing\nan idiotic use of security_getprocattr().\n\nAcked-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "db3495099d3d52854b13874905af6e40a91f4721", "tree": "5a832081d70dd9dabda3498baf40b7d6ced47f24", "parents": [ "6a01b07fae482f9b34491b317056c89d3b96ca2e" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Feb 07 01:48:00 2007 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Feb 17 21:30:15 2007 -0500" }, "message": "[PATCH] AUDIT_FD_PAIR\n\nProvide an audit record of the descriptor pair returned by pipe() and\nsocketpair(). Rewritten from the original posted to linux-audit by\nJohn D. Ramsdell \u003cramsdell@mitre.org\u003e\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "a7a005fd12b84392becca311f2a20d5bf2a1b7af", "tree": "0baf326ea34bdef38e42a5ae664d348de3c69ae8", "parents": [ "ff273773bfd4f2131bad1318e56519fcceac2339" ], "author": { "name": "Josef Sipek", "email": "jsipek@fsl.cs.sunysb.edu", "time": "Fri Dec 08 02:37:17 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Fri Dec 08 08:28:46 2006 -0800" }, "message": "[PATCH] struct path: convert kernel\n\nSigned-off-by: Josef Sipek \u003cjsipek@fsl.cs.sunysb.edu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "24ec839c431eb79bb8f6abc00c4e1eb3b8c4d517", "tree": "2ff478b1925159eeac007913c2a8f19d5f5e6010", "parents": [ "562f9c574e0707f9159a729ea41faf53b221cd30" ], "author": { "name": "Peter Zijlstra", "email": "a.p.zijlstra@chello.nl", "time": "Fri Dec 08 02:36:04 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Fri Dec 08 08:28:38 2006 -0800" }, "message": "[PATCH] tty: -\u003esignal-\u003etty locking\n\nFix the locking of signal-\u003etty.\n\nUse -\u003esighand-\u003esiglock to protect -\u003esignal-\u003etty; this lock is already used\nby most other members of -\u003esignal/-\u003esighand. And unless we are \u0027current\u0027\nor the tasklist_lock is held we need -\u003esiglock to access -\u003esignal anyway.\n\n(NOTE: sys_unshare() is broken wrt -\u003esighand locking rules)\n\nNote that tty_mutex is held over tty destruction, so while holding\ntty_mutex any tty pointer remains valid. Otherwise the lifetime of ttys\nare governed by their open file handles. This leaves some holes for tty\naccess from signal-\u003etty (or any other non file related tty access).\n\nIt solves the tty SLAB scribbles we were seeing.\n\n(NOTE: the change from group_send_sig_info to __group_send_sig_info needs to\n be examined by someone familiar with the security framework, I think\n it is safe given the SEND_SIG_PRIV from other __group_send_sig_info\n invocations)\n\n[schwidefsky@de.ibm.com: 3270 fix]\n[akpm@osdl.org: various post-viro fixes]\nSigned-off-by: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nAcked-by: Alan Cox \u003calan@redhat.com\u003e\nCc: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nCc: Prarit Bhargava \u003cprarit@redhat.com\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Roland McGrath \u003croland@redhat.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Jeff Dike \u003cjdike@addtoit.com\u003e\nCc: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nCc: Jan Kara \u003cjack@ucw.cz\u003e\nSigned-off-by: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "161a09e737f0761ca064ee6a907313402f7a54b6", "tree": "80fdf6dc5de73d810ef0ec811299a5ec3c5ce23e", "parents": [ "95b99a670df31ca5271f503f378e5cac3aee8f5e" ], "author": { "name": "Joy Latten", "email": "latten@austin.ibm.com", "time": "Mon Nov 27 13:11:54 2006 -0600" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Dec 06 20:14:22 2006 -0800" }, "message": "audit: Add auditing to ipsec\n\nAn audit message occurs when an ipsec SA\nor ipsec policy is created/deleted.\n\nSigned-off-by: Joy Latten \u003clatten@austin.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "a1f8e7f7fb9d7e2cbcb53170edca7c0ac4680697", "tree": "2d1190c0099291d56a9c986f16bec17df2f6768b", "parents": [ "b07e4ecd4d380ad697c54d729cb653d027077c99" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Oct 19 16:08:53 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Dec 04 02:00:29 2006 -0500" }, "message": "[PATCH] severing skbuff.h -\u003e highmem.h\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "ac9910ce017ff5f86f3a25e969b2c4f5d6ac438f", "tree": "f45d66fa60a02a9f5b32ea95a7d599cb1f175323", "parents": [ "419c58f11fb732cc8bd1335fa43e0decb34e0be3" ], "author": { "name": "Steve Grubb", "email": "sgrubb@redhat.com", "time": "Thu Sep 28 14:31:32 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Oct 04 08:31:21 2006 -0400" }, "message": "[PATCH] name_count array overrun\n\nHi,\n\nThis patch removes the rdev logging from the previous patch\n\nThe below patch closes an unbounded use of name_count. This can lead to oopses\nin some new file systems.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "419c58f11fb732cc8bd1335fa43e0decb34e0be3", "tree": "7eb03026bd7e102d235ccc02f81daf1127d93358", "parents": [ "4b8a311bb161a3bd2ab44311f42c526b6dc76270" ], "author": { "name": "Alexander Viro", "email": "aviro@redhat.com", "time": "Fri Sep 29 00:08:50 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Oct 04 08:31:19 2006 -0400" }, "message": "[PATCH] PPID filtering fix\n\nOn Thu, Sep 28, 2006 at 04:03:06PM -0400, Eric Paris wrote:\n\u003e After some looking I did not see a way to get into audit_log_exit\n\u003e without having set the ppid. So I am dropping the set from there and\n\u003e only doing it at the beginning.\n\u003e\n\u003e Please comment/ack/nak as soon as possible.\n\nEhh... That\u0027s one hell of an overhead to be had ;-/ Let\u0027s be lazy.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "eb84a20e9e6b98dcb33023ad22241d79107a08a7", "tree": "4971aef730cc3a1917463afe1dbb381dea664e99", "parents": [ "5f412b24240d92212e50ebbaff2dff20c9e6f3d0" ], "author": { "name": "Alan Cox", "email": "alan@lxorguk.ukuu.org.uk", "time": "Fri Sep 29 02:01:41 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Sep 29 09:18:25 2006 -0700" }, "message": "[PATCH] audit/accounting: tty locking\n\nAdd tty locking around the audit and accounting code.\n\nThe whole current-\u003esignal-\u003e locking is all deeply strange but it\u0027s for\nsomeone else to sort out. Add rather than replace the lock for acct.c\n\nSigned-off-by: Alan Cox \u003calan@redhat.com\u003e\nAcked-by: Arjan van de Ven \u003carjan@linux.intel.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "1a70cd40cb291c25b67ec0da715a49d76719329d", "tree": "ffb4c6cd3f7ef1b92822ebbda11bd2b035c2bc86", "parents": [ "62bac0185ad3dfef11d9602980445c54d45199c6" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon Sep 25 23:31:57 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 26 08:48:52 2006 -0700" }, "message": "[PATCH] selinux: rename selinux_ctxid_to_string\n\nRename selinux_ctxid_to_string to selinux_sid_to_string to be\nconsistent with other interfaces.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "62bac0185ad3dfef11d9602980445c54d45199c6", "tree": "8478673a1dccac5f4e7add4ad802a2bf69b269a4", "parents": [ "89fa30242facca249aead2aac03c4c69764f911c" ], "author": { "name": "Stephen Smalley", "email": "sds@tycho.nsa.gov", "time": "Mon Sep 25 23:31:56 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Tue Sep 26 08:48:52 2006 -0700" }, "message": "[PATCH] selinux: eliminate selinux_task_ctxid\n\nEliminate selinux_task_ctxid since it duplicates selinux_task_get_sid.\n\nSigned-off-by: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "55669bfa141b488be865341ed12e188967d11308", "tree": "efeec37a93f46c48937eb849c083da9a42ed3709", "parents": [ "dc104fb3231f11e95b5a0f09ae3ab27a8fd5b2e8" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Aug 31 19:26:40 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Sep 11 13:32:30 2006 -0400" }, "message": "[PATCH] audit: AUDIT_PERM support\n\nadd support for AUDIT_PERM predicate\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "3f2792ffbd88dc1cd41d226674cc428914981e98", "tree": "40d176c192eed972df3acd494079d56e6b0e9a34", "parents": [ "5ac3a9c26c1cc4861d9cdd8b293fecbfcdc81afe" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jul 16 06:43:48 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Aug 03 10:59:51 2006 -0400" }, "message": "[PATCH] take filling -\u003epid, etc. out of audit_get_context()\n\nmove that stuff downstream and into the only branch where it\u0027ll be\nused.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "5ac3a9c26c1cc4861d9cdd8b293fecbfcdc81afe", "tree": "6ca960fade3253ac358f3614e6a07361fc90d09e", "parents": [ "d51374adf5f2f88155a072d3d801104e3c0c3d7f" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jul 16 06:38:45 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Aug 03 10:59:42 2006 -0400" }, "message": "[PATCH] don\u0027t bother with aux entires for dummy context\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "d51374adf5f2f88155a072d3d801104e3c0c3d7f", "tree": "2b87e74cdb43fca5635cc25fb5a419cbb686ce00", "parents": [ "471a5c7c839114cc8b55876203aeb2817c33e3c5" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Aug 03 10:59:26 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Aug 03 10:59:26 2006 -0400" }, "message": "[PATCH] mark context of syscall entered with no rules as dummy\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "471a5c7c839114cc8b55876203aeb2817c33e3c5", "tree": "a034011f4efe66adcdca6e21efc2e05b0c0d3e34", "parents": [ "5422e01ac16df7398b2bad1eccad0ae3be4dee32" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Jul 10 08:29:24 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Aug 03 10:55:18 2006 -0400" }, "message": "[PATCH] introduce audit rules counter\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "73d3ec5abad3f1730ac8530899d2c14d92f3ad63", "tree": "c2829a1e36ca155eecc7d4b8648fe9755247bec5", "parents": [ "3e2efce067cec0099f99ae59f28feda99b02b498" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Thu Jul 13 13:16:39 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Aug 03 10:50:30 2006 -0400" }, "message": "[PATCH] fix missed create event for directory audit\n\nWhen an object is created via a symlink into an audited directory, audit misses\nthe event due to not having collected the inode data for the directory. Modify\n__audit_inode_child() to copy the parent inode data if a parent wasn\u0027t found in\naudit_names[].\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "3e2efce067cec0099f99ae59f28feda99b02b498", "tree": "94577cb6cb7f223319bb89a805b2d6945d42632e", "parents": [ "46f5960fdbf359f0c75989854bbaebc1de7a1eb4" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Thu Jul 13 13:16:02 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Aug 03 10:50:21 2006 -0400" }, "message": "[PATCH] fix faulty inode data collection for open() with O_CREAT\n\nWhen the specified path is an existing file or when it is a symlink, audit\ncollects the wrong inode number, which causes it to miss the open() event.\nAdding a second hook to the open() path fixes this.\n\nAlso add audit_copy_inode() to consolidate some code.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" } ], "next": "6e5a2d1d32596850a0ebf7fb3e54c0d69901dabd" }