)]}' { "log": [ { "commit": "8626877b5252c78be9e3e819e7de65740a7e6f90", "tree": "7b6b716b4f6237bead179ce6fe3ab6557549e1ec", "parents": [ "4f066328abec7f67518051e0eba67246ef2bfc07" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Tue Jul 16 13:18:45 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jan 17 17:14:32 2014 -0500" }, "message": "audit: fix location of __net_initdata for audit_net_ops\n\nFixup caught by checkpatch.\n\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "4f066328abec7f67518051e0eba67246ef2bfc07", "tree": "d7ae1c06fef6f52a54ab5f904215e5fda4fdedb1", "parents": [ "262fd3aad61100cb4f281efa292374817c25a479" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jan 17 17:04:38 2014 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Jan 17 17:04:38 2014 -0500" }, "message": "audit: remove pr_info for every network namespace\n\nA message about creating the audit socket might be fine at startup, but\na pr_info for every single network namespace created on a system isn\u0027t\nuseful.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "3e1d0bb6224f019893d1c498cc3327559d183674", "tree": "cf64e0a4eefbe17851a56b21c16783e023860577", "parents": [ "d957f7b726ccce4967ae0d668b5b10f0f1d10401" ], "author": { "name": "Joe Perches", "email": "joe@perches.com", "time": "Tue Jan 14 10:33:13 2014 -0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 14 14:54:00 2014 -0500" }, "message": "audit: Convert int limit uses to u32\n\nThe equivalent uapi struct uses __u32 so make the kernel\nuses u32 too.\n\nThis can prevent some oddities where the limit is\nlogged/emitted as a negative value.\n\nConvert kstrtol to kstrtouint to disallow negative values.\n\nSigned-off-by: Joe Perches \u003cjoe@perches.com\u003e\n[eparis: do not remove static from audit_default declaration]\n" }, { "commit": "d957f7b726ccce4967ae0d668b5b10f0f1d10401", "tree": "f7f3e7f0f49440c915198e7e1ee2671a12446b08", "parents": [ "b8dbc3241fff043213e8be8e798d45eb6ed28b96" ], "author": { "name": "Joe Perches", "email": "joe@perches.com", "time": "Tue Jan 14 10:33:12 2014 -0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 14 14:53:54 2014 -0500" }, "message": "audit: Use more current logging style\n\nAdd pr_fmt to prefix \"audit: \" to output\nConvert printk(KERN_\u003cLEVEL\u003e to pr_\u003clevel\u003e\nCoalesce formats\nUse pr_cont\nMove a brace after switch\n\nSigned-off-by: Joe Perches \u003cjoe@perches.com\u003e\n" }, { "commit": "b8dbc3241fff043213e8be8e798d45eb6ed28b96", "tree": "904f83fb854645d374a7f2de6d63d9966b7b45b9", "parents": [ "06bdadd7634551cfe8ce071fe44d0311b3033d9e" ], "author": { "name": "Joe Perches", "email": "joe@perches.com", "time": "Mon Jan 13 23:31:27 2014 -0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 14 14:53:50 2014 -0500" }, "message": "audit: Use hex_byte_pack_upper\n\nUsing the generic kernel function causes the\nobject size to increase with gcc 4.8.1.\n\n$ size kernel/audit.o*\n text\t data\t bss\t dec\t hex\tfilename\n 18577\t 6079\t 8436\t 33092\t 8144\tkernel/audit.o.new\n 18579\t 6015\t 8420\t 33014\t 80f6\tkernel/audit.o.old\n\nUnsigned...\n" }, { "commit": "1ce319f11ccc5ee5ed1bc1e020f1ac6e6d689c74", "tree": "f3ea9e05a746a629d2c55c41ca2f0d2b4ecdbe0c", "parents": [ "0e23baccaae4f752cfa89cca44e84a439ed8bd13" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 21:16:59 2014 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:33:41 2014 -0500" }, "message": "audit: reorder AUDIT_TTY_SET arguments\n\nAn admin is likely to want to see old and new values next to each other.\nPutting all of the old values followed by all of the new values is just\nhard to read as a human.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "0e23baccaae4f752cfa89cca44e84a439ed8bd13", "tree": "82defea35efa77b91dc15bc11510f890db7db8c2", "parents": [ "3f0c5fad89c2c287baee0f314177b82aeafa7363" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 21:12:34 2014 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:33:41 2014 -0500" }, "message": "audit: rework AUDIT_TTY_SET to only grab spin_lock once\n\nWe can simplify the AUDIT_TTY_SET code to only grab the spin_lock one\ntime. We need to determine if the new values are valid and if so, set\nthe new values at the same time we grab the old onces. While we are\nhere get rid of \u0027res\u0027 and just use err.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "3f0c5fad89c2c287baee0f314177b82aeafa7363", "tree": "f8aa71217198b39a0abd553e91c889acc6e6b0bb", "parents": [ "70249a9cfdb405f654708699c679c6774efb31d8" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 16:49:28 2014 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:33:39 2014 -0500" }, "message": "audit: remove needless switch in AUDIT_SET\n\nIf userspace specified that it was setting values via the mask we do not\nneed a second check to see if they also set the version field high\nenough to understand those values. (clearly if they set the mask they\nknew those values).\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "70249a9cfdb405f654708699c679c6774efb31d8", "tree": "3e3f102a255fe974fb0b7ae3841daff4021517c9", "parents": [ "d7961148258cfe19908b5a29941a8c9f3fa7a4d6" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 16:48:45 2014 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:33:36 2014 -0500" }, "message": "audit: use define\u0027s for audit version\n\nGive names to the audit versions. Just something for a userspace\nprogrammer to know what the version provides.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "c81825dd6b2ab9dcbdbc5b3ae12cc724c550341d", "tree": "fd0af9304f1b7dfb898a1c4dba706fd8c780a0b0", "parents": [ "8c8115faca28c7118e2a5b0153998710ea3e01c4" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 15:42:16 2014 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:33:27 2014 -0500" }, "message": "audit: wait_for_auditd rework for readability\n\nWe had some craziness with signed to unsigned long casting which appears\nwholely unnecessary. Just use signed long. Even though 2 values of the\nmath equation are unsigned longs the result is expected to be a signed\nlong. So why keep casting the result to signed long? Just make it\nsigned long and use it.\n\nWe also remove the needless \"timeout\" variable. We already have the\nstack \"sleep_time\" variable. Just use that...\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "ad2ac263278620205555a572c29b3ebb4a5bce3b", "tree": "52ccadd92060907b2040754bd8d10bbea3f84eba", "parents": [ "de92fc97e12d4b9170d1ab3dbccbdcb8c56add31" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Tue Jan 07 13:08:41 2014 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:32:56 2014 -0500" }, "message": "audit: log task info on feature change\n\nAdd task information to the log when changing a feature state.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "de92fc97e12d4b9170d1ab3dbccbdcb8c56add31", "tree": "1398d88a4f074862def8c855b2ed5a62d673beb8", "parents": [ "11ee39ebf756821966fe1e2f65df4f728098d467" ], "author": { "name": "Gao feng", "email": "gaofeng@cn.fujitsu.com", "time": "Tue Dec 17 11:10:42 2013 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:32:49 2014 -0500" }, "message": "audit: fix incorrect set of audit_sock\n\nNETLINK_CB(skb).sk is the socket of user space process,\nnetlink_unicast in kauditd_send_skb wants the kernel\nside socket. Since the sk_state of audit netlink socket\nis not NETLINK_CONNECTED, so the netlink_getsockbyportid\ndoesn\u0027t return -ECONNREFUSED.\n\nAnd the socket of userspace process can be released anytime,\nso the audit_sock may point to invalid socket.\n\nthis patch sets the audit_sock to the kernel side audit\nnetlink socket.\n\nSigned-off-by: Gao feng \u003cgaofeng@cn.fujitsu.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "11ee39ebf756821966fe1e2f65df4f728098d467", "tree": "2bbdc6929b99f9a2d179a47b95f6674141177521", "parents": [ "5ee9a75c9fdaebd3ac8176f9f5c73fdcd27c1ad1" ], "author": { "name": "Gao feng", "email": "gaofeng@cn.fujitsu.com", "time": "Tue Dec 17 11:10:41 2013 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:32:44 2014 -0500" }, "message": "audit: print error message when fail to create audit socket\n\nprint the error message and then return -ENOMEM.\n\nSigned-off-by: Gao feng \u003cgaofeng@cn.fujitsu.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "724e4fcc8d80c63c7e56873b41987533db2a04c2", "tree": "2227b9c065ce771308c2f28456b2a9cde559d5af", "parents": [ "6dd80aba90639d1765396aa5e5f55e34dc3356e5" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Mon Nov 25 21:57:51 2013 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:32:31 2014 -0500" }, "message": "audit: log on errors from filter user rules\n\nAn error on an AUDIT_NEVER rule disabled logging on that rule.\nOn error on AUDIT_NEVER rules, log.\n\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "6dd80aba90639d1765396aa5e5f55e34dc3356e5", "tree": "5198fe1e1c3fe0bd4a1235414a93e108ce451c74", "parents": [ "1b7b533f65db9b31f76972b2899ec7ec6433ae77" ], "author": { "name": "Toshiyuki Okajima", "email": "toshi.okajima@jp.fujitsu.com", "time": "Thu Dec 05 16:15:23 2013 +0900" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:32:22 2014 -0500" }, "message": "audit: audit_log_start running on auditd should not stop\n\nThe backlog cannot be consumed when audit_log_start is running on auditd\neven if audit_log_start calls wait_for_auditd to consume it.\nThe situation is the deadlock because only auditd can consume the backlog.\nIf the other process needs to send the backlog, it can be also stopped\nby the deadlock.\n\nSo, audit_log_start running on auditd should not stop.\n\nYou can see the deadlock with the following reproducer:\n # auditctl -a exit,always -S all\n # reboot\n\nSigned-off-by: Toshiyuki Okajima \u003ctoshi.okajima@jp.fujitsu.com\u003e\nReviewed-by: gaofeng@cn.fujitsu.com\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "1b7b533f65db9b31f76972b2899ec7ec6433ae77", "tree": "8b06c5c5fd3a8844647c66a75f63d2bf2197cc6a", "parents": [ "4eb0f4abfb9441849530ea19389ae57cc62c8078" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Mon Dec 02 11:33:01 2013 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:32:11 2014 -0500" }, "message": "audit: drop audit_cmd_lock in AUDIT_USER family of cases\n\nWe do not need to hold the audit_cmd_mutex for this family of cases. The\npossible exception to this is the call to audit_filter_user(), so drop the lock\nimmediately after. To help in fixing the race we are trying to avoid, make\nsure that nothing called by audit_filter_user() calls audit_log_start(). In\nparticular, watch out for *_audit_rule_match().\n\nThis fix will take care of systemd and anything USING audit. It still means\nthat we could race with something configuring audit and auditd shutting down.\n\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nReported-by: toshi.okajima@jp.fujitsu.com\nTested-by: toshi.okajima@jp.fujitsu.com\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "4440e8548153e9e6d56db9abe6f3bc0e5b9eb74f", "tree": "1752c5edd77a746fdb2aad2806b31fbe4dd39a76", "parents": [ "ff235f51a138fc61e1a22dcb8b072d9c78c2a8cc" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Nov 27 17:35:17 2013 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:31:46 2014 -0500" }, "message": "audit: convert all sessionid declaration to unsigned int\n\nRight now the sessionid value in the kernel is a combination of u32,\nint, and unsigned int. Just use unsigned int throughout.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "ff235f51a138fc61e1a22dcb8b072d9c78c2a8cc", "tree": "e60ba924338f34a394e1986a2173a8f38eee5235", "parents": [ "34eab0a7cd45ce0eab744a86a85d83aa7ddf99a5" ], "author": { "name": "Paul Davies C", "email": "pauldaviesc@gmail.com", "time": "Thu Nov 21 08:14:03 2013 +0530" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:31:38 2014 -0500" }, "message": "audit: Added exe field to audit core dump signal log\n\nCurrently when the coredump signals are logged by the audit system, the\nactual path to the executable is not logged. Without details of exe, the\nsystem admin may not have an exact idea on what program failed.\n\nThis patch changes the audit_log_task() so that the path to the exe is also\nlogged.\n\nThis was copied from audit_log_task_info() and the latter enhanced to avoid\ndisappearing text fields.\n\nSigned-off-by: Paul Davies C \u003cpauldaviesc@gmail.com\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "34eab0a7cd45ce0eab744a86a85d83aa7ddf99a5", "tree": "43ddd9b7dc7ae2e864bf591e5707381f8c7b4075", "parents": [ "ce0d9f04699706843e8a494d12cf6c7663d478c7" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Fri Jun 21 14:47:13 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:31:27 2014 -0500" }, "message": "audit: prevent an older auditd shutdown from orphaning a newer auditd startup\n\nThere have been reports of auditd restarts resulting in kaudit not being able\nto find a newly registered auditd. It results in reports such as:\n\tkernel: [ 2077.233573] audit: *NO* daemon at audit_pid\u003d1614\n\tkernel: [ 2077.234712] audit: audit_lost\u003d97 audit_rate_limit\u003d0 audit_backlog_limit\u003d320\n\tkernel: [ 2077.234718] audit: auditd disappeared\n\t\t(previously mis-spelled \"dissapeared\")\n\nOne possible cause is a race between the shutdown of an older auditd and a\nnewer one. If the newer one sets the daemon pid to itself in kauditd before\nthe older one has cleared the daemon pid, the newer daemon pid will be erased.\nThis could be caused by an automated system, or by manual intervention, but in\neither case, there is no use in having the older daemon clear the daemon pid\nreference since its old pid is no longer being referenced. This patch will\nprevent that specific case, returning an error of EACCES.\n\nThe case for preventing a newer auditd from registering itself if there is an\nexisting auditd is a more difficult case that is beyond the scope of this\npatch.\n\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "ce0d9f04699706843e8a494d12cf6c7663d478c7", "tree": "34cae2d8036f35933d49d3a02c49b37e0d95811b", "parents": [ "a06e56b2a11b5f7d5354b05988f97118c90580d2" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Wed Nov 20 14:01:53 2013 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:31:22 2014 -0500" }, "message": "audit: refactor audit_receive_msg() to clarify AUDIT_*_RULE* cases\n\naudit_receive_msg() needlessly contained a fallthrough case that called\naudit_receive_filter(), containing no common code between the cases. Separate\nthem to make the logic clearer. Refactor AUDIT_LIST_RULES, AUDIT_ADD_RULE,\nAUDIT_DEL_RULE cases to create audit_rule_change(), audit_list_rules_send()\nfunctions. This should not functionally change the logic.\n\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "a06e56b2a11b5f7d5354b05988f97118c90580d2", "tree": "59b4f9bf0b0ea1764a97b39b0afcbb1a8ffd04b4", "parents": [ "04ee1a3b8f0584099370f8501ac785fd5d2ed6ff" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Fri Nov 15 11:29:02 2013 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:31:15 2014 -0500" }, "message": "audit: log AUDIT_TTY_SET config changes\n\nLog transition of config changes when AUDIT_TTY_SET is called, including both\nenabled and log_passwd values now in the struct.\n\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "04ee1a3b8f0584099370f8501ac785fd5d2ed6ff", "tree": "7efec1326aa33043d9c69b28ff45c1df9934e3a0", "parents": [ "61c0ee8792165f0de7c4aa619343998a6966c1ef" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Tue Nov 26 18:49:12 2013 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:31:07 2014 -0500" }, "message": "audit: get rid of *NO* daemon at audit_pid\u003d0 message\n\nkauditd_send_skb is called after audit_pid was checked to be non-zero.\n\nHowever, it can be set to 0 due to auditd exiting while kauditd_send_skb\nis still executed and this can result in a spurious warning about missing\nauditd.\n\nRe-check audit_pid before printing the message.\n\nSigned-off-by: Mateusz Guzik \u003cmguzik@redhat.com\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: linux-kernel@vger.kernel.org\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "40c0775e5ea47667db497565b79a8dc154530992", "tree": "882d62ba73b6a4ab80449127cb2060dce64ffe74", "parents": [ "b6cfee4cce25d8d2cc06c69f0de2b61d4b2249b3" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Tue Oct 22 13:28:49 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:30:38 2014 -0500" }, "message": "audit: allow unlimited backlog queue\n\nSince audit can already be disabled by \"audit\u003d0\" on the kernel boot line, or by\nthe command \"auditctl -e 0\", it would be more useful to have the\naudit_backlog_limit set to zero mean effectively unlimited (limited only by\nsystem RAM).\n\nAcked-by: Gao feng \u003cgaofeng@cn.fujitsu.com\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "4547b3bc43c64389ca4368be0edf1f90ae1b938d", "tree": "cfe1d6def81ecf361a655b7825c4f180b2e4dfc2", "parents": [ "b6c50fe0be5b3a6be9c26f6941bc8c94cfaac1f8" ], "author": { "name": "Gao feng", "email": "gaofeng@cn.fujitsu.com", "time": "Fri Nov 01 19:34:44 2013 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:30:19 2014 -0500" }, "message": "audit: use old_lock in audit_set_feature\n\nwe already have old_lock, no need to calculate it again.\n\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Gao feng \u003cgaofeng@cn.fujitsu.com\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "b6c50fe0be5b3a6be9c26f6941bc8c94cfaac1f8", "tree": "a66ff293f4ead81516d7456b61a32604bcf216db", "parents": [ "aabce351b514e21e7768929ba6e5fbd87dc3848c" ], "author": { "name": "Gao feng", "email": "gaofeng@cn.fujitsu.com", "time": "Fri Nov 01 19:34:43 2013 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:29:06 2014 -0500" }, "message": "audit: don\u0027t generate audit feature changed log when audit disabled\n\nIf audit is disabled,we shouldn\u0027t generate the audit log.\n\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Gao feng \u003cgaofeng@cn.fujitsu.com\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "aabce351b514e21e7768929ba6e5fbd87dc3848c", "tree": "409fcbb8ff135b571cbe2a5a4477b51e234c837f", "parents": [ "d3ca0344b21f04786219bf0f49647f24e4e17323" ], "author": { "name": "Gao feng", "email": "gaofeng@cn.fujitsu.com", "time": "Fri Nov 01 19:34:42 2013 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:29:00 2014 -0500" }, "message": "audit: fix incorrect order of log new and old feature\n\nThe order of new feature and old feature is incorrect,\nthis patch fix it.\n\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Gao feng \u003cgaofeng@cn.fujitsu.com\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "d3ca0344b21f04786219bf0f49647f24e4e17323", "tree": "45e0fea235246245c9161ef8a7da4b92ff0a9f58", "parents": [ "51cc83f024ee51de9da70c17e01ec6de524f5906" ], "author": { "name": "Gao feng", "email": "gaofeng@cn.fujitsu.com", "time": "Thu Oct 31 14:31:01 2013 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:28:53 2014 -0500" }, "message": "audit: remove useless code in audit_enable\n\nSince kernel parameter is operated before\ninitcall, so the audit_initialized must be\nAUDIT_UNINITIALIZED or DISABLED in audit_enable.\n\nSigned-off-by: Gao feng \u003cgaofeng@cn.fujitsu.com\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "51cc83f024ee51de9da70c17e01ec6de524f5906", "tree": "65836321a3abcd33bb913675904fde92a09df326", "parents": [ "09f883a9023e7a86f92c731e80f30a9447f4bdbe" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Wed Sep 18 11:55:12 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:28:45 2014 -0500" }, "message": "audit: add audit_backlog_wait_time configuration option\n\nreaahead-collector abuses the audit logging facility to discover which files\nare accessed at boot time to make a pre-load list\n\nAdd a tuning option to audit_backlog_wait_time so that if auditd can\u0027t keep up,\nor gets blocked, the callers won\u0027t be blocked.\n\nBump audit_status API version to \"2\".\n\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "09f883a9023e7a86f92c731e80f30a9447f4bdbe", "tree": "a23e692d2816b1704aea60f3640e6f9fd2cdfad2", "parents": [ "f910fde7307be80a1a228bba969c492f61f13281" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Wed Sep 18 09:32:24 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:28:39 2014 -0500" }, "message": "audit: clean up AUDIT_GET/SET local variables and future-proof API\n\nRe-named confusing local variable names (status_set and status_get didn\u0027t agree\nwith their command type name) and reduced their scope.\n\nFuture-proof API changes by not depending on the exact size of the audit_status\nstruct and by adding an API version field.\n\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "f910fde7307be80a1a228bba969c492f61f13281", "tree": "9afc05db62b6fd1047defe406e88b79abc1ad2ce", "parents": [ "a106fb0c67727bfbe7f5a5bbdaaa3ae7f47a8c15" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Tue Sep 17 12:34:52 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:28:31 2014 -0500" }, "message": "audit: add kernel set-up parameter to override default backlog limit\n\nThe default audit_backlog_limit is 64. This was a reasonable limit at one time.\n\nsystemd causes so much audit queue activity on startup that auditd doesn\u0027t\nstart before the backlog queue has already overflowed by more than a factor of\n2. On a system with audit\u003d not set on the kernel command line, this isn\u0027t an\nissue since that history isn\u0027t kept for auditd when it is available. On a\nsystem with audit\u003d1 set on the kernel command line, kaudit tries to keep that\nhistory until auditd is able to drain the queue.\n\nThis default can be changed by the \"-b\" option in audit.rules once the system\nhas booted, but won\u0027t help with lost messages on boot.\n\nOne way to solve this would be to increase the default backlog queue size to\navoid losing any messages before auditd is able to consume them. This would\nbe overkill to the embedded community and insufficient for some servers.\n\nAnother way to solve it might be to add a kconfig option to set the default\nbased on the system type. An embedded system would get the current (or\nsmaller) default, while Workstations might get more than now and servers might\nget more.\n\nNone of these solutions helps if a system\u0027s compiled default is too small to\nsee the lost messages without compiling a new kernel.\n\nThis patch adds a kernel set-up parameter (audit already has one to\nenable/disable it) \"audit_backlog_limit\u003d\u003cn\u003e\" that overrides the default to\nallow the system administrator to set the backlog limit.\n\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "7ecf69bf50fd3464342cab59fe08533fbe3f6076", "tree": "71a0ff49a0d58e2d531412db8dfaa1e72994b953", "parents": [ "db897319401e1c111aef59deadd59ea08e11d879" ], "author": { "name": "Dan Duval", "email": "dan.duval@oracle.com", "time": "Mon Sep 16 11:16:35 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:28:19 2014 -0500" }, "message": "audit: efficiency fix 2: request exclusive wait since all need same resource\n\nThese and similar errors were seen on a patched 3.8 kernel when the\naudit subsystem was overrun during boot:\n\n udevd[876]: worker [887] unexpectedly returned with status 0x0100\n udevd[876]: worker [887] failed while handling\n\u0027/devices/pci0000:00/0000:00:03.0/0000:40:00.0\u0027\n udevd[876]: worker [880] unexpectedly returned with status 0x0100\n udevd[876]: worker [880] failed while handling\n\u0027/devices/LNXSYSTM:00/LNXPWRBN:00/input/input1/event1\u0027\n\n udevadm settle - timeout of 180 seconds reached, the event queue\ncontains:\n /sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input1/event1 (3995)\n /sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/INT3F0D:00 (4034)\n\n audit: audit_backlog\u003d258 \u003e audit_backlog_limit\u003d256\n audit: audit_lost\u003d1 audit_rate_limit\u003d0 audit_backlog_limit\u003d256\n\nThe change below increases the efficiency of the audit code and prevents it\nfrom being overrun:\n\nUse add_wait_queue_exclusive() in wait_for_auditd() to put the\nthread on the wait queue. When kauditd dequeues an skb, all\nof the waiting threads are waiting for the same resource, but\nonly one is going to get it, so there\u0027s no need to wake up\nmore than one waiter.\n\nSee: https://lkml.org/lkml/2013/9/2/479\n\nSigned-off-by: Dan Duval \u003cdan.duval@oracle.com\u003e\nSigned-off-by: Chuck Anderson \u003cchuck.anderson@oracle.com\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "db897319401e1c111aef59deadd59ea08e11d879", "tree": "2bad7e546ecc69874e18a5846b01c4bc315dfaa3", "parents": [ "ae887e0bdcddb9d7acd8f1eb7b7795b438aa4950" ], "author": { "name": "Dan Duval", "email": "dan.duval@oracle.com", "time": "Mon Sep 16 11:11:12 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:28:08 2014 -0500" }, "message": "audit: efficiency fix 1: only wake up if queue shorter than backlog limit\n\nThese and similar errors were seen on a patched 3.8 kernel when the\naudit subsystem was overrun during boot:\n\n udevd[876]: worker [887] unexpectedly returned with status 0x0100\n udevd[876]: worker [887] failed while handling\n\u0027/devices/pci0000:00/0000:00:03.0/0000:40:00.0\u0027\n udevd[876]: worker [880] unexpectedly returned with status 0x0100\n udevd[876]: worker [880] failed while handling\n\u0027/devices/LNXSYSTM:00/LNXPWRBN:00/input/input1/event1\u0027\n\n udevadm settle - timeout of 180 seconds reached, the event queue\ncontains:\n /sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input1/event1 (3995)\n /sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/INT3F0D:00 (4034)\n\n audit: audit_backlog\u003d258 \u003e audit_backlog_limit\u003d256\n audit: audit_lost\u003d1 audit_rate_limit\u003d0 audit_backlog_limit\u003d256\n\nThe change below increases the efficiency of the audit code and prevents it\nfrom being overrun:\n\nOnly issue a wake_up in kauditd if the length of the skb queue is less than the\nbacklog limit. Otherwise, threads waiting in wait_for_auditd() will simply\nwake up, discover that the queue is still too long for them to proceed, and go\nback to sleep. This results in wasted context switches and machine cycles.\nkauditd_thread() is the only function that removes buffers from audit_skb_queue\nso we can\u0027t race. If we did, the timeout in wait_for_auditd() would expire and\nthe waiting thread would continue.\n\nSee: https://lkml.org/lkml/2013/9/2/479\n\nSigned-off-by: Dan Duval \u003cdan.duval@oracle.com\u003e\nSigned-off-by: Chuck Anderson \u003cchuck.anderson@oracle.com\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "ae887e0bdcddb9d7acd8f1eb7b7795b438aa4950", "tree": "9695e92b2c51170e3075a9bf1d06d9e464acdf01", "parents": [ "e789e561a50de0aaa8c695662d97aaa5eac9d55f" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Mon Sep 16 10:45:59 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:27:53 2014 -0500" }, "message": "audit: make use of remaining sleep time from wait_for_auditd\n\nIf wait_for_auditd() times out, go immediately to the error function rather\nthan retesting the loop conditions.\n\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "e789e561a50de0aaa8c695662d97aaa5eac9d55f", "tree": "06e9ef8481ccb37b785c3ec478927d3dc243bb91", "parents": [ "33faba7fa7f2288d2f8aaea95958b2c97bf9ebfb" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Thu Sep 12 23:03:51 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:27:30 2014 -0500" }, "message": "audit: reset audit backlog wait time after error recovery\n\nWhen the audit queue overflows and times out (audit_backlog_wait_time), the\naudit queue overflow timeout is set to zero. Once the audit queue overflow\ntimeout condition recovers, the timeout should be reset to the original value.\n\nSee also:\n\thttps://lkml.org/lkml/2013/9/2/473\n\nCc: stable@vger.kernel.org # v3.8-rc4+\nSigned-off-by: Luiz Capitulino \u003clcapitulino@redhat.com\u003e\nSigned-off-by: Dan Duval \u003cdan.duval@oracle.com\u003e\nSigned-off-by: Chuck Anderson \u003cchuck.anderson@oracle.com\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "33faba7fa7f2288d2f8aaea95958b2c97bf9ebfb", "tree": "fd6dd66d190aed6c01e974b9c07be163c10a5e65", "parents": [ "2f2ad1013322c8f6c40fc6dafdbd32442fa730ad" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Tue Jul 16 13:18:45 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:27:24 2014 -0500" }, "message": "audit: listen in all network namespaces\n\nConvert audit from only listening in init_net to use register_pernet_subsys()\nto dynamically manage the netlink socket list.\n\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "2f2ad1013322c8f6c40fc6dafdbd32442fa730ad", "tree": "5a364888e917c62acb3702ba174a4989a4ce34a1", "parents": [ "f9441639e6319f0c0e12bd63fa2f58990af0a9d2" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Mon Jul 15 10:23:11 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:27:16 2014 -0500" }, "message": "audit: restore order of tty and ses fields in log output\n\nWhen being refactored from audit_log_start() to audit_log_task_info(), in\ncommit e23eb920 the tty and ses fields in the log output got transposed.\nRestore to original order to avoid breaking search tools.\n\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "f9441639e6319f0c0e12bd63fa2f58990af0a9d2", "tree": "3fc0c477d498240e517c471f76efa2deee81ce5d", "parents": [ "ca24a23ebca17d9d0f2afde4ee49cd810bccc8d7" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Wed Aug 14 11:32:45 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Jan 13 22:26:52 2014 -0500" }, "message": "audit: fix netlink portid naming and types\n\nNormally, netlink ports use the PID of the userspace process as the port ID.\nIf the PID is already in use by a port, the kernel will allocate another port\nID to avoid conflict. Re-name all references to netlink ports from pid to\nportid to reflect this reality and avoid confusion with actual PIDs. Ports\nuse the __u32 type, so re-type all portids accordingly.\n\n(This patch is very similar to ebiederman\u0027s 5deadd69)\n\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Gao feng \u003cgaofeng@cn.fujitsu.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "fc582aef7dcc27a7120cf232c1e76c569c7b6eab", "tree": "7d275dd4ceab6067b91e9a25a5f6338b425fbccd", "parents": [ "9175c9d2aed528800175ef81c90569d00d23f9be", "5e01dc7b26d9f24f39abace5da98ccbd6a5ceb52" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Nov 22 18:57:08 2013 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Nov 22 18:57:54 2013 -0500" }, "message": "Merge tag \u0027v3.12\u0027\n\nLinux 3.12\n\nConflicts:\n\tfs/exec.c\n" }, { "commit": "d3aea84a4ace5ff9ce7fb7714cee07bebef681c2", "tree": "59db7631075067f16c8d5f19286b7e075180b4be", "parents": [ "14e972b4517128ac8e30e3de2ee4fbd995084223" ], "author": { "name": "Jeff Layton", "email": "jlayton@redhat.com", "time": "Wed May 08 10:32:23 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 05 11:09:04 2013 -0500" }, "message": "audit: log the audit_names record type\n\n...to make it clear what the intent behind each record\u0027s operation was.\n\nIn many cases you can infer this, based on the context of the syscall\nand the result. In other cases it\u0027s not so obvious. For instance, in\nthe case where you have a file being renamed over another, you\u0027ll have\ntwo different records with the same filename but different inode info.\nBy logging this information we can clearly tell which one was created\nand which was deleted.\n\nThis fixes what was broken in commit bfcec708.\nCommit 79f6530c should also be backported to stable v3.7+.\n\nSigned-off-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "b95d77fe341b9c9641addb326cf43c30d1ba23b8", "tree": "615f0bdd77a76d5eeef601a349389bc0bc360ab4", "parents": [ "4d8fe7376a12bf4524783dd95cbc00f1fece6232" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Fri May 03 14:03:49 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 05 11:08:42 2013 -0500" }, "message": "audit: use given values in tty_audit enable api\n\nIn send/GET, we don\u0027t want the kernel to lie about what value is set.\n\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "4d8fe7376a12bf4524783dd95cbc00f1fece6232", "tree": "db0c3dae0fa8592ed93e225a852c327d977cd4b9", "parents": [ "e13f91e3c57986a609c10ddf94af0546a2a97dce" ], "author": { "name": "Mathias Krause", "email": "minipli@googlemail.com", "time": "Mon Sep 30 22:04:25 2013 +0200" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 05 11:08:37 2013 -0500" }, "message": "audit: use nlmsg_len() to get message payload length\n\nUsing the nlmsg_len member of the netlink header to test if the message\nis valid is wrong as it includes the size of the netlink header itself.\nThereby allowing to send short netlink messages that pass those checks.\n\nUse nlmsg_len() instead to test for the right message length. The result\nof nlmsg_len() is guaranteed to be non-negative as the netlink message\nalready passed the checks of nlmsg_ok().\n\nAlso switch to min_t() to please checkpatch.pl.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: stable@vger.kernel.org # v2.6.6+ for the 1st hunk, v2.6.23+ for the 2nd\nSigned-off-by: Mathias Krause \u003cminipli@googlemail.com\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "e13f91e3c57986a609c10ddf94af0546a2a97dce", "tree": "71c58b8eaa95bcffb554052794f3c99e767104da", "parents": [ "64fbff9ae0a0a843365d922e0057fc785f23f0e3" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 05 10:48:02 2013 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 05 11:08:35 2013 -0500" }, "message": "audit: use memset instead of trying to initialize field by field\n\nWe currently are setting fields to 0 to initialize the structure\ndeclared on the stack. This is a bad idea as if the structure has holes\nor unpacked space these will not be initialized. Just use memset. This\nis not a performance critical section of code.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "64fbff9ae0a0a843365d922e0057fc785f23f0e3", "tree": "e6744c5150c5a5ec1dd2ad7f198f89478f75976e", "parents": [ "db510fc5cd9b9db214d7ec1828662942fac19c8c" ], "author": { "name": "Mathias Krause", "email": "minipli@googlemail.com", "time": "Mon Sep 30 22:04:24 2013 +0200" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 05 11:08:30 2013 -0500" }, "message": "audit: fix info leak in AUDIT_GET requests\n\nWe leak 4 bytes of kernel stack in response to an AUDIT_GET request as\nwe miss to initialize the mask member of status_set. Fix that.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: stable@vger.kernel.org # v2.6.6+\nSigned-off-by: Mathias Krause \u003cminipli@googlemail.com\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "21b85c31d23f2047d47e1f74bfa5caa8b75c1c77", "tree": "08ac436415d71faeb2d4d89d7d549bf70ad1261c", "parents": [ "d040e5af380554c23ffe0a034ae5f3e53da93a1d" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu May 23 14:26:00 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 05 11:08:17 2013 -0500" }, "message": "audit: audit feature to set loginuid immutable\n\nThis adds a new \u0027audit_feature\u0027 bit which allows userspace to set it\nsuch that the loginuid is absolutely immutable, even if you have\nCAP_AUDIT_CONTROL.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "d040e5af380554c23ffe0a034ae5f3e53da93a1d", "tree": "637a2e206c56b1cd2be32f8ef92bea19e25a3e9c", "parents": [ "81407c84ace88368ff23abb81caaeacf050c8450" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri May 24 09:18:04 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 05 11:08:13 2013 -0500" }, "message": "audit: audit feature to only allow unsetting the loginuid\n\nThis is a new audit feature which only grants processes with\nCAP_AUDIT_CONTROL the ability to unset their loginuid. They cannot\ndirectly set it from a valid uid to another valid uid. The ability to\nunset the loginuid is nice because a priviledged task, like that of\ncontainer creation, can unset the loginuid and then priv is not needed\ninside the container when a login daemon needs to set the loginuid.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "b0fed40214ce79ef70d97584ebdf13f89786da0e", "tree": "fc912434e03f4a300942e809e376e2e4ec2cb837", "parents": [ "42f74461a5b60cf6b42887e6d2ff5b7be4abf1ca" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed May 22 12:54:49 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 05 11:07:30 2013 -0500" }, "message": "audit: implement generic feature setting and retrieving\n\nThe audit_status structure was not designed with extensibility in mind.\nDefine a new AUDIT_SET_FEATURE message type which takes a new structure\nof bits where things can be enabled/disabled/locked one at a time. This\nstructure should be able to grow in the future while maintaining forward\nand backward compatibility (based loosly on the ideas from capabilities\nand prctl)\n\nThis does not actually add any features, but is just infrastructure to\nallow new on/off types of audit system features.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "0868a5e150bc4c47e7a003367cd755811eb41e0b", "tree": "627c65016b3046c60741dd62d67b0ef84cadc715", "parents": [ "d48d805122e39c066898df2e460875d3aaf60508" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@canonical.com", "time": "Thu Jul 25 18:02:55 2013 -0700" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 05 11:07:23 2013 -0500" }, "message": "audit: printk USER_AVC messages when audit isn\u0027t enabled\n\nWhen the audit\u003d1 kernel parameter is absent and auditd is not running,\nAUDIT_USER_AVC messages are being silently discarded.\n\nAUDIT_USER_AVC messages should be sent to userspace using printk(), as\nmentioned in the commit message of 4a4cd633 (\"AUDIT: Optimise the\naudit-disabled case for discarding user messages\").\n\nWhen audit_enabled is 0, audit_receive_msg() discards all user messages\nexcept for AUDIT_USER_AVC messages. However, audit_log_common_recv_msg()\nrefuses to allocate an audit_buffer if audit_enabled is 0. The fix is to\nspecial case AUDIT_USER_AVC messages in both functions.\n\nIt looks like commit 50397bd1 (\"[AUDIT] clean up audit_receive_msg()\")\nintroduced this bug.\n\nCc: \u003cstable@kernel.org\u003e # v2.6.25+\nSigned-off-by: Tyler Hicks \u003ctyhicks@canonical.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: linux-audit@redhat.com\nAcked-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "af0e493d304262162dcc0e0b39ee47b12461d003", "tree": "907a7129a5dfd400208cda0182fda93f656a1d10", "parents": [ "b8f89caafeb55fba75b74bea25adc4e4cd91be67" ], "author": { "name": "Gao feng", "email": "gaofeng@cn.fujitsu.com", "time": "Mon Sep 23 15:55:44 2013 +0800" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 05 11:07:14 2013 -0500" }, "message": "Audit: remove duplicate comments\n\nRemove it.\n\nSigned-off-by: Gao feng \u003cgaofeng@cn.fujitsu.com\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "b8f89caafeb55fba75b74bea25adc4e4cd91be67", "tree": "f8e1ac8ce7cb895dddf169b8f35568a66815a23c", "parents": [ "47145705e3e2894b6c73846b67734726c5d7173c" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Wed Sep 18 11:17:43 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 05 11:07:09 2013 -0500" }, "message": "audit: remove newline accidentally added during session id helper refactor\n\nA newline was accidentally added during session ID helper refactorization in\ncommit 4d3fb709. This needlessly uses up buffer space, messes up syslog\nformatting and makes userspace processing less efficient. Remove it.\n\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "47145705e3e2894b6c73846b67734726c5d7173c", "tree": "c63822a66c070acb6cdbb0238962601390d0a647", "parents": [ "b50eba7e2d534762a19a7207dda012f09302a8d2" ], "author": { "name": "Ilya V. Matveychikov", "email": "matvejchikov@gmail.com", "time": "Sun Sep 29 15:53:40 2013 +0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 05 11:06:53 2013 -0500" }, "message": "audit: remove duplicate inclusion of the netlink header\n\nSigned-off-by: Ilya V. Matveychikov \u003cmatvejchikov@gmail.com\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "b50eba7e2d534762a19a7207dda012f09302a8d2", "tree": "3b9f2e1c2f591648d2e9c64a66e7d01bf4e47c3a", "parents": [ "6e4664525b1db28f8c4e1130957f70a94c19213e" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Mon Sep 16 18:20:42 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Nov 05 11:06:49 2013 -0500" }, "message": "audit: format user messages to size of MAX_AUDIT_MESSAGE_LENGTH\n\nMessages of type AUDIT_USER_TTY were being formatted to 1024 octets,\ntruncating messages approaching MAX_AUDIT_MESSAGE_LENGTH (8970 octets).\n\nSet the formatting to 8560 characters, given maximum estimates for prefix and\nsuffix budgets.\n\nSee the problem discussion:\nhttps://www.redhat.com/archives/linux-audit/2009-January/msg00030.html\n\nAnd the new size rationale:\nhttps://www.redhat.com/archives/linux-audit/2013-September/msg00016.html\n\nTest ~8k messages with:\nauditctl -m \"$(for i in $(seq -w 001 820);do echo -n \"${i}0______\";done)\"\n\nReported-by: LC Bruzenak \u003clenny@magitekltd.com\u003e\nReported-by: Justin Stephenson \u003cjstephen@redhat.com\u003e\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "8ac1c8d5deba65513b6a82c35e89e73996c8e0d6", "tree": "fbf7742d632b870070632cf73f41663ba815576e", "parents": [ "0608f43da64a1f1c42507304b5f25bc8b1227aa4" ], "author": { "name": "Konstantin Khlebnikov", "email": "khlebnikov@openvz.org", "time": "Tue Sep 24 15:27:42 2013 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Sep 24 17:00:26 2013 -0700" }, "message": "audit: fix endless wait in audit_log_start()\n\nAfter commit 829199197a43 (\"kernel/audit.c: avoid negative sleep\ndurations\") audit emitters will block forever if userspace daemon cannot\nhandle backlog.\n\nAfter the timeout the waiting loop turns into busy loop and runs until\ndaemon dies or returns back to work. This is a minimal patch for that\nbug.\n\nSigned-off-by: Konstantin Khlebnikov \u003ckhlebnikov@openvz.org\u003e\nCc: Luiz Capitulino \u003clcapitulino@redhat.com\u003e\nCc: Richard Guy Briggs \u003crgb@redhat.com\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Chuck Anderson \u003cchuck.anderson@oracle.com\u003e\nCc: Dan Duval \u003cdan.duval@oracle.com\u003e\nCc: Dave Kleikamp \u003cdave.kleikamp@oracle.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "f000cfdde5de4fc15dead5ccf524359c07eadf2b", "tree": "f9632725a04ee92a5f1c0839253fe1769e97c84c", "parents": [ "ebf8d6c8630bfd3e24683306599cb953c9a2842c" ], "author": { "name": "Oleg Nesterov", "email": "oleg@redhat.com", "time": "Wed Jun 12 14:04:46 2013 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Jun 12 16:29:45 2013 -0700" }, "message": "audit: wait_for_auditd() should use TASK_UNINTERRUPTIBLE\n\naudit_log_start() does wait_for_auditd() in a loop until\naudit_backlog_wait_time passes or audit_skb_queue has a room.\n\nIf signal_pending() is true this becomes a busy-wait loop, schedule() in\nTASK_INTERRUPTIBLE won\u0027t block.\n\nThanks to Guy for fully investigating and explaining the problem.\n\n(akpm: that\u0027ll cause the system to lock up on a non-preemptible\nuniprocessor kernel)\n\n(Guy: \"Our customer was in fact running a uniprocessor machine, and they\nreported a system hang.\")\n\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nReported-by: Guy Streeter \u003cstreeter@redhat.com\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: \u003cstable@vger.kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "c4cc75c3321cad6f20d1e5325293890255c8a663", "tree": "f515d034c9d6947bed0467840678aff823747596", "parents": [ "2dbd3cac87250a0d44e07acc86c4224a08522709", "2a0b4be6dd655e24990da1d0811e28b9277f8b12" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat May 11 14:29:11 2013 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat May 11 14:29:11 2013 -0700" }, "message": "Merge git://git.infradead.org/users/eparis/audit\n\nPull audit changes from Eric Paris:\n \"Al used to send pull requests every couple of years but he told me to\n just start pushing them to you directly.\n\n Our touching outside of core audit code is pretty straight forward. A\n couple of interface changes which hit net/. A simple argument bug\n calling audit functions in namei.c and the removal of some assembly\n branch prediction code on ppc\"\n\n* git://git.infradead.org/users/eparis/audit: (31 commits)\n audit: fix message spacing printing auid\n Revert \"audit: move kaudit thread start from auditd registration to kaudit init\"\n audit: vfs: fix audit_inode call in O_CREAT case of do_last\n audit: Make testing for a valid loginuid explicit.\n audit: fix event coverage of AUDIT_ANOM_LINK\n audit: use spin_lock in audit_receive_msg to process tty logging\n audit: do not needlessly take a lock in tty_audit_exit\n audit: do not needlessly take a spinlock in copy_signal\n audit: add an option to control logging of passwords with pam_tty_audit\n audit: use spin_lock_irqsave/restore in audit tty code\n helper for some session id stuff\n audit: use a consistent audit helper to log lsm information\n audit: push loginuid and sessionid processing down\n audit: stop pushing loginid, uid, sessionid as arguments\n audit: remove the old depricated kernel interface\n audit: make validity checking generic\n audit: allow checking the type of audit message in the user filter\n audit: fix build break when AUDIT_DEBUG \u003d\u003d 2\n audit: remove duplicate export of audit_enabled\n Audit: do not print error when LSMs disabled\n ...\n" }, { "commit": "2a0b4be6dd655e24990da1d0811e28b9277f8b12", "tree": "ef6977d732ba71ce8dce6eaea47830423928839b", "parents": [ "82d8da0d46ae7d3e9089efadb5e8d9841c20a431" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed May 08 00:01:07 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed May 08 00:02:19 2013 -0400" }, "message": "audit: fix message spacing printing auid\n\nThe helper function didn\u0027t include a leading space, so it was jammed\nagainst the previous text in the audit record.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "82d8da0d46ae7d3e9089efadb5e8d9841c20a431", "tree": "363caec82ec31d6d8d7f4559f265d2521322fcb0", "parents": [ "33e2208acfc15ce00d3dd13e839bf6434faa2b04" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue May 07 21:24:02 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue May 07 22:27:21 2013 -0400" }, "message": "Revert \"audit: move kaudit thread start from auditd registration to kaudit init\"\n\nThis reverts commit 6ff5e45985c2fcb97947818f66d1eeaf9d6600b2.\n\nConflicts:\n\tkernel/audit.c\n\nThis patch was starting a kthread for all the time. Since the follow on\npatches that required it didn\u0027t get finished in 3.10 time, we shouldn\u0027t\nship this change in 3.10.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "73287a43cc79ca06629a88d1a199cd283f42456a", "tree": "acf4456e260115bea77ee31a29f10ce17f0db45c", "parents": [ "251df49db3327c64bf917bfdba94491fde2b4ee0", "20074f357da4a637430aec2879c9d864c5d2c23c" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed May 01 14:08:52 2013 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed May 01 14:08:52 2013 -0700" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next\n\nPull networking updates from David Miller:\n \"Highlights (1721 non-merge commits, this has to be a record of some\n sort):\n\n 1) Add \u0027random\u0027 mode to team driver, from Jiri Pirko and Eric\n Dumazet.\n\n 2) Make it so that any driver that supports configuration of multiple\n MAC addresses can provide the forwarding database add and del\n calls by providing a default implementation and hooking that up if\n the driver doesn\u0027t have an explicit set of handlers. From Vlad\n Yasevich.\n\n 3) Support GSO segmentation over tunnels and other encapsulating\n devices such as VXLAN, from Pravin B Shelar.\n\n 4) Support L2 GRE tunnels in the flow dissector, from Michael Dalton.\n\n 5) Implement Tail Loss Probe (TLP) detection in TCP, from Nandita\n Dukkipati.\n\n 6) In the PHY layer, allow supporting wake-on-lan in situations where\n the PHY registers have to be written for it to be configured.\n\n Use it to support wake-on-lan in mv643xx_eth.\n\n From Michael Stapelberg.\n\n 7) Significantly improve firewire IPV6 support, from YOSHIFUJI\n Hideaki.\n\n 8) Allow multiple packets to be sent in a single transmission using\n network coding in batman-adv, from Martin Hundebøll.\n\n 9) Add support for T5 cxgb4 chips, from Santosh Rastapur.\n\n 10) Generalize the VXLAN forwarding tables so that there is more\n flexibility in configurating various aspects of the endpoints.\n From David Stevens.\n\n 11) Support RSS and TSO in hardware over GRE tunnels in bxn2x driver,\n from Dmitry Kravkov.\n\n 12) Zero copy support in nfnelink_queue, from Eric Dumazet and Pablo\n Neira Ayuso.\n\n 13) Start adding networking selftests.\n\n 14) In situations of overload on the same AF_PACKET fanout socket, or\n per-cpu packet receive queue, minimize drop by distributing the\n load to other cpus/fanouts. From Willem de Bruijn and Eric\n Dumazet.\n\n 15) Add support for new payload offset BPF instruction, from Daniel\n Borkmann.\n\n 16) Convert several drivers over to mdoule_platform_driver(), from\n Sachin Kamat.\n\n 17) Provide a minimal BPF JIT image disassembler userspace tool, from\n Daniel Borkmann.\n\n 18) Rewrite F-RTO implementation in TCP to match the final\n specification of it in RFC4138 and RFC5682. From Yuchung Cheng.\n\n 19) Provide netlink socket diag of netlink sockets (\"Yo dawg, I hear\n you like netlink, so I implemented netlink dumping of netlink\n sockets.\") From Andrey Vagin.\n\n 20) Remove ugly passing of rtnetlink attributes into rtnl_doit\n functions, from Thomas Graf.\n\n 21) Allow userspace to be able to see if a configuration change occurs\n in the middle of an address or device list dump, from Nicolas\n Dichtel.\n\n 22) Support RFC3168 ECN protection for ipv6 fragments, from Hannes\n Frederic Sowa.\n\n 23) Increase accuracy of packet length used by packet scheduler, from\n Jason Wang.\n\n 24) Beginning set of changes to make ipv4/ipv6 fragment handling more\n scalable and less susceptible to overload and locking contention,\n from Jesper Dangaard Brouer.\n\n 25) Get rid of using non-type-safe NLMSG_* macros and use nlmsg_*()\n instead. From Hong Zhiguo.\n\n 26) Optimize route usage in IPVS by avoiding reference counting where\n possible, from Julian Anastasov.\n\n 27) Convert IPVS schedulers to RCU, also from Julian Anastasov.\n\n 28) Support cpu fanouts in xt_NFQUEUE netfilter target, from Holger\n Eitzenberger.\n\n 29) Network namespace support for nf_log, ebt_log, xt_LOG, ipt_ULOG,\n nfnetlink_log, and nfnetlink_queue. From Gao feng.\n\n 30) Implement RFC3168 ECN protection, from Hannes Frederic Sowa.\n\n 31) Support several new r8169 chips, from Hayes Wang.\n\n 32) Support tokenized interface identifiers in ipv6, from Daniel\n Borkmann.\n\n 33) Use usbnet_link_change() helper in USB net driver, from Ming Lei.\n\n 34) Add 802.1ad vlan offload support, from Patrick McHardy.\n\n 35) Support mmap() based netlink communication, also from Patrick\n McHardy.\n\n 36) Support HW timestamping in mlx4 driver, from Amir Vadai.\n\n 37) Rationalize AF_PACKET packet timestamping when transmitting, from\n Willem de Bruijn and Daniel Borkmann.\n\n 38) Bring parity to what\u0027s provided by /proc/net/packet socket dumping\n and the info provided by netlink socket dumping of AF_PACKET\n sockets. From Nicolas Dichtel.\n\n 39) Fix peeking beyond zero sized SKBs in AF_UNIX, from Benjamin\n Poirier\"\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1722 commits)\n filter: fix va_list build error\n af_unix: fix a fatal race with bit fields\n bnx2x: Prevent memory leak when cnic is absent\n bnx2x: correct reading of speed capabilities\n net: sctp: attribute printl with __printf for gcc fmt checks\n netlink: kconfig: move mmap i/o into netlink kconfig\n netpoll: convert mutex into a semaphore\n netlink: Fix skb ref counting.\n net_sched: act_ipt forward compat with xtables\n mlx4_en: fix a build error on 32bit arches\n Revert \"bnx2x: allow nvram test to run when device is down\"\n bridge: avoid OOPS if root port not found\n drivers: net: cpsw: fix kernel warn on cpsw irq enable\n sh_eth: use random MAC address if no valid one supplied\n 3c509.c: call SET_NETDEV_DEV for all device types (ISA/ISAPnP/EISA)\n tg3: fix to append hardware time stamping flags\n unix/stream: fix peeking with an offset larger than data in queue\n unix/dgram: fix peeking with an offset larger than data in queue\n unix/dgram: peek beyond 0-sized skbs\n openvswitch: Remove unneeded ovs_netdev_get_ifindex()\n ...\n" }, { "commit": "b24a30a7305418ff138ff51776fc555ec57c011a", "tree": "2c64cff75b758c3fb407118ab473167fb5bec3fa", "parents": [ "7173c54e3a9deb491a586e7e107375109ee48bcb" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 30 15:30:32 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 30 15:31:28 2013 -0400" }, "message": "audit: fix event coverage of AUDIT_ANOM_LINK\n\nThe userspace audit tools didn\u0027t like the existing formatting of the\nAUDIT_ANOM_LINK event. It needed to be expanded to emit an AUDIT_PATH\nevent as well, so this implements the change. The bulk of the patch is\nmoving code out of auditsc.c into audit.c and audit.h for general use.\nIt expands audit_log_name to include an optional \"struct path\" argument\nfor the simple case of just needing to report a pathname. This also\nmakes\naudit_log_task_info available when syscall auditing is not enabled,\nsince\nit is needed in either case for process details.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nReported-by: Steve Grubb \u003csgrubb@redhat.com\u003e\n" }, { "commit": "7173c54e3a9deb491a586e7e107375109ee48bcb", "tree": "eb421f7b9c16125217cb2797e0c24e535cd1f1bc", "parents": [ "bee0a224e791cccbc7ecd7faf2d5932942668976" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 30 11:28:04 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 30 15:31:28 2013 -0400" }, "message": "audit: use spin_lock in audit_receive_msg to process tty logging\n\nThis function is called when we receive a netlink message from\nuserspace. We don\u0027t need to worry about it coming from irq context or\nirqs making it re-entrant.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "46e959ea2969cc1668d09b0dc55226946cf781f1", "tree": "40481f42587257039bd7b898c2aec95e1c01656f", "parents": [ "bde02ca858448cf54a4226774dd1481f3bcc455e" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Fri May 03 14:03:50 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 30 15:31:28 2013 -0400" }, "message": "audit: add an option to control logging of passwords with pam_tty_audit\n\nMost commands are entered one line at a time and processed as complete lines\nin non-canonical mode. Commands that interactively require a password, enter\ncanonical mode to do this while shutting off echo. This pair of features\n(icanon and !echo) can be used to avoid logging passwords by audit while still\nlogging the rest of the command.\n\nAdding a member (log_passwd) to the struct audit_tty_status passed in by\npam_tty_audit allows control of canonical mode without echo per task.\n\nSigned-off-by: Richard Guy Briggs \u003crgb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "bde02ca858448cf54a4226774dd1481f3bcc455e", "tree": "d5d7144d1314cba0c055b3804db35e06987a7956", "parents": [ "4d3fb709b285ac885c40950a837edbfc90029c5f" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 30 11:01:14 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 30 15:31:28 2013 -0400" }, "message": "audit: use spin_lock_irqsave/restore in audit tty code\n\nSome of the callers of the audit tty function use spin_lock_irqsave/restore.\nWe were using the forced always enable version, which seems really bad.\nSince I don\u0027t know every one of these code paths well enough, it makes\nsense to just switch everything to the safe version. Maybe it\u0027s a\nlittle overzealous, but it\u0027s a lot better than an unlucky deadlock when\nwe return to a caller with irq enabled and they expect it to be\ndisabled.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "4d3fb709b285ac885c40950a837edbfc90029c5f", "tree": "97d57baf099cbcb48e756213cf83f06602497a01", "parents": [ "b122c3767c1d89763b4babca062c3171a71ed97c" ], "author": { "name": "Eric Paris", "email": "eparis@localhost.localdomain", "time": "Tue Apr 30 09:53:34 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 30 15:31:28 2013 -0400" }, "message": "helper for some session id stuff\n" }, { "commit": "b122c3767c1d89763b4babca062c3171a71ed97c", "tree": "6d11cbca5af63bd1ac4089895d8751f09af28823", "parents": [ "152f497b9b5940f81de3205465840a5eb316458e" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 19 15:00:33 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 30 15:31:28 2013 -0400" }, "message": "audit: use a consistent audit helper to log lsm information\n\nWe have a number of places we were reimplementing the same code to write\nout lsm labels. Just do it one darn place.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "152f497b9b5940f81de3205465840a5eb316458e", "tree": "fb226da0e460bb912350478cbbb87b24a6343d31", "parents": [ "dc9eb698f441889f2d7926b1cc6f1e14f0787f00" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 19 13:56:11 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 30 15:31:28 2013 -0400" }, "message": "audit: push loginuid and sessionid processing down\n\nSince we are always current, we can push a lot of this stuff to the\nbottom and get rid of useless interfaces and arguments.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "dc9eb698f441889f2d7926b1cc6f1e14f0787f00", "tree": "acdd37f268633b38b370fe0725f57ccd0d4fcadc", "parents": [ "18900909163758baf2152c9102b1a0953f7f1c30" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Fri Apr 19 13:23:09 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 30 15:31:28 2013 -0400" }, "message": "audit: stop pushing loginid, uid, sessionid as arguments\n\nWe always use current. Stop pulling this when the skb comes in and\npushing it around as arguments. Just get it at the end when you need\nit.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "18900909163758baf2152c9102b1a0953f7f1c30", "tree": "0b5c2920d599911c39c78f021da34f71c1ca021e", "parents": [ "ab61d38ed8cf670946d12dc46b9198b521c790ea" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 18 19:16:36 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 30 15:31:28 2013 -0400" }, "message": "audit: remove the old depricated kernel interface\n\nWe used to have an inflexible mechanism to add audit rules to the\nkernel. It hasn\u0027t been used in a long time. Get rid of that stuff.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "13f51e1c3fbebeab801f768f433067ff075dea5a", "tree": "ce4c99e262771b82f3c5213d7c0a0a5dc87d5207", "parents": [ "3f68613f39cdc242fa2e872ac04a802e7cc7b7cb" ], "author": { "name": "Gao feng", "email": "gaofeng@cn.fujitsu.com", "time": "Mon Apr 29 15:05:14 2013 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Apr 29 15:54:26 2013 -0700" }, "message": "audit: don\u0027t check if kauditd is valid every time\n\nWe only need to check if kauditd is valid after we start it, if kauditd\nis invalid, we will set kauditd_task to NULL. So next time, we will\nstart kauditd again.\n\nIt means if kauditd_task is not NULL,it must be valid.\n\nSigned-off-by: Gao feng \u003cgaofeng@cn.fujitsu.com\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "62062cf8a3a99a933efdac549da380f230dbe982", "tree": "8da676d774d02c3c8f0093e7f2586719072f522f", "parents": [ "34c474de7b4bd451396d67647ac728b0433379a9" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 16 13:08:43 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Apr 16 17:28:49 2013 -0400" }, "message": "audit: allow checking the type of audit message in the user filter\n\nWhen userspace sends messages to the audit system it includes a type.\nWe want to be able to filter messages based on that type without have to\ndo the all or nothing option currently available on the\nAUDIT_FILTER_TYPE filter list. Instead we should be able to use the\nAUDIT_FILTER_USER filter list and just use the message type as one part\nof the matching decision.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "f7616102d6f62d51cffb796d4672ad81fef00fea", "tree": "c9bb4f2019294b6b956f6ee3407f6d6624b96a62", "parents": [ "e2c5adc88a0ffd4a715f630c3b83a1d5cbfd1cff" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 11 11:25:00 2013 -0400" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Apr 11 11:26:03 2013 -0400" }, "message": "audit: use data\u003d not msg\u003d for AUDIT_USER_TTY messages\n\nUserspace parsing libraries assume that msg\u003d is only for userspace audit\nrecords, not for user tty records. Make this consistent with the other\ntty records.\n\nReported-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "6ff5e45985c2fcb97947818f66d1eeaf9d6600b2", "tree": "25aac77a82c806eaf75708d9aa7e477f27acb2c4", "parents": [ "3320c5133dd83df58b8fbc529b5419e02ca16fe6" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Thu Jan 24 13:15:12 2013 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 08 16:19:18 2013 -0400" }, "message": "audit: move kaudit thread start from auditd registration to kaudit init\n\nThe kauditd_thread() task was started only after the auditd userspace daemon\nregisters itself with kaudit. This was fine when only auditd consumed messages\nfrom the kaudit netlink unicast socket. With the addition of a multicast group\nto that socket it is more convenient to have the thread start on init of the\nkaudit kernel subsystem.\n\nSigned-off-by: Richard Guy Briggs \u003crbriggs@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "3320c5133dd83df58b8fbc529b5419e02ca16fe6", "tree": "caeea9a779ec727ff23ba4f4bf15559654ed4d10", "parents": [ "b551d1d98197b7dd58fc3ead8d4d01830c09567d" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Thu Jan 24 13:15:11 2013 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 08 16:19:17 2013 -0400" }, "message": "audit: flatten kauditd_thread wait queue code\n\nThe wait queue control code in kauditd_thread() was nested deeper than\nnecessary. The function has been flattened for better legibility.\n\nSigned-off-by: Richard Guy Briggs \u003crbriggs@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "b551d1d98197b7dd58fc3ead8d4d01830c09567d", "tree": "7ed1df39882cc12be1767b52eab35bdbb2d72312", "parents": [ "37eebe39c9731a76535f08de455db97eb93894ae" ], "author": { "name": "Richard Guy Briggs", "email": "rgb@redhat.com", "time": "Thu Jan 24 13:15:10 2013 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Mon Apr 08 16:19:16 2013 -0400" }, "message": "audit: refactor hold queue flush\n\nThe hold queue flush code is an autonomous chunk of code that can be\nrefactored, removed from kauditd_thread() into flush_hold_queue() and\nflattenned for better legibility.\n\nSigned-off-by: Richard Guy Briggs \u003crbriggs@redhat.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "2851da57036f4242df344eb60735670211ee7562", "tree": "198febc3b2baa9f3337832daec880ac331723975", "parents": [ "c60ee67f45b3aa5dfbfe39bfe0b9e65459dc5ec7" ], "author": { "name": "Alexandru Copot", "email": "alex.mihai.c@gmail.com", "time": "Thu Mar 28 23:31:29 2013 +0200" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Mar 28 17:40:08 2013 -0400" }, "message": "audit: pass int* to nlmsg_next\n\nCommit 941912133025926307c7a65b203fa38403b1063a replaced the macros\nNLMSG_NEXT with calls to nlmsg_next which produces this warning:\n\nkernel/audit.c: In function ‘audit_receive_skb’:\nkernel/audit.c:928:3: warning: passing argument 2 of ‘nlmsg_next’ makes pointer from integer without a cast\nIn file included from include/net/rtnetlink.h:5:0,\n from include/net/neighbour.h:28,\n from include/net/dst.h:17,\n from include/net/sock.h:68,\n from kernel/audit.c:55:\ninclude/net/netlink.h:359:1: note: expected ‘int *’ but argument is of type ‘int’\n\nFix this by sending the intended pointer.\n\nSigned-off-by: Alexandru Copot \u003calex.mihai.c@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "941912133025926307c7a65b203fa38403b1063a", "tree": "b0db217873ae6bfbeca986f9ff9c2490423fbfe5", "parents": [ "573ce260b385a4d14a1ef046558fad9f1daeee42" ], "author": { "name": "Hong zhi guo", "email": "honkiko@gmail.com", "time": "Wed Mar 27 06:49:06 2013 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Mar 28 14:25:49 2013 -0400" }, "message": "audit: replace obsolete NLMSG_* with type safe nlmsg_*\n\nSigned-off-by: Hong Zhiguo \u003chonkiko@gmail.com\u003e\nAcked-by: Thomas Graf \u003ctgraf@suug.ch\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "829199197a430dade2519d54f5545c4a094393b8", "tree": "af50ca9af09b83fd2a5c76cad35bd0603eb33391", "parents": [ "0644ec0cc8a33fb654e348897ad7684e22a4b5d8" ], "author": { "name": "Andrew Morton", "email": "akpm@linux-foundation.org", "time": "Fri Jan 11 14:32:11 2013 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jan 11 14:54:56 2013 -0800" }, "message": "kernel/audit.c: avoid negative sleep durations\n\naudit_log_start() performs the same jiffies comparison in two places.\nIf sufficient time has elapsed between the two comparisons, the second\none produces a negative sleep duration:\n\n schedule_timeout: wrong timeout value fffffffffffffff0\n Pid: 6606, comm: trinity-child1 Not tainted 3.8.0-rc1+ #43\n Call Trace:\n schedule_timeout+0x305/0x340\n audit_log_start+0x311/0x470\n audit_log_exit+0x4b/0xfb0\n __audit_syscall_exit+0x25f/0x2c0\n sysret_audit+0x17/0x21\n\nFix it by performing the comparison a single time.\n\nReported-by: Dave Jones \u003cdavej@redhat.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nReviewed-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "0644ec0cc8a33fb654e348897ad7684e22a4b5d8", "tree": "95a0532a89fdd148593c4bd52faa055d308e3380", "parents": [ "7b9205bd775afc4439ed86d617f9042ee9e76a71" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Fri Jan 11 14:32:07 2013 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jan 11 14:54:55 2013 -0800" }, "message": "audit: catch possible NULL audit buffers\n\nIt\u0027s possible for audit_log_start() to return NULL. Handle it in the\nvarious callers.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Jeff Layton \u003cjlayton@redhat.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Julien Tinnes \u003cjln@google.com\u003e\nCc: Will Drewry \u003cwad@google.com\u003e\nCc: Steve Grubb \u003csgrubb@redhat.com\u003e\nCc: Andrea Arcangeli \u003caarcange@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "d1c7d97ad58836affde6e39980b96527510b572e", "tree": "4020ac7f88154d5dd919fdf371472ea9153a656e", "parents": [ "ffd8d101a3a7d3f2e79deee1e342801703b6dc70" ], "author": { "name": "Sasha Levin", "email": "sasha.levin@oracle.com", "time": "Thu Oct 04 19:57:31 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Oct 09 23:33:37 2012 -0400" }, "message": "fs: handle failed audit_log_start properly\n\naudit_log_start() may return NULL, this is unchecked by the caller in\naudit_log_link_denied() and could cause a NULL ptr deref.\n\nIntroduced by commit a51d9eaa (\"fs: add link restriction audit reporting\").\n\nSigned-off-by: Sasha Levin \u003csasha.levin@oracle.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "aecdc33e111b2c447b622e287c6003726daa1426", "tree": "3e7657eae4b785e1a1fb5dfb225dbae0b2f0cfc6", "parents": [ "a20acf99f75e49271381d65db097c9763060a1e8", "a3a6cab5ea10cca64d036851fe0d932448f2fe4f" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 13:38:27 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Oct 02 13:38:27 2012 -0700" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next\n\nPull networking changes from David Miller:\n\n 1) GRE now works over ipv6, from Dmitry Kozlov.\n\n 2) Make SCTP more network namespace aware, from Eric Biederman.\n\n 3) TEAM driver now works with non-ethernet devices, from Jiri Pirko.\n\n 4) Make openvswitch network namespace aware, from Pravin B Shelar.\n\n 5) IPV6 NAT implementation, from Patrick McHardy.\n\n 6) Server side support for TCP Fast Open, from Jerry Chu and others.\n\n 7) Packet BPF filter supports MOD and XOR, from Eric Dumazet and Daniel\n Borkmann.\n\n 8) Increate the loopback default MTU to 64K, from Eric Dumazet.\n\n 9) Use a per-task rather than per-socket page fragment allocator for\n outgoing networking traffic. This benefits processes that have very\n many mostly idle sockets, which is quite common.\n\n From Eric Dumazet.\n\n10) Use up to 32K for page fragment allocations, with fallbacks to\n smaller sizes when higher order page allocations fail. Benefits are\n a) less segments for driver to process b) less calls to page\n allocator c) less waste of space.\n\n From Eric Dumazet.\n\n11) Allow GRO to be used on GRE tunnels, from Eric Dumazet.\n\n12) VXLAN device driver, one way to handle VLAN issues such as the\n limitation of 4096 VLAN IDs yet still have some level of isolation.\n From Stephen Hemminger.\n\n13) As usual there is a large boatload of driver changes, with the scale\n perhaps tilted towards the wireless side this time around.\n\nFix up various fairly trivial conflicts, mostly caused by the user\nnamespace changes.\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1012 commits)\n hyperv: Add buffer for extended info after the RNDIS response message.\n hyperv: Report actual status in receive completion packet\n hyperv: Remove extra allocated space for recv_pkt_list elements\n hyperv: Fix page buffer handling in rndis_filter_send_request()\n hyperv: Fix the missing return value in rndis_filter_set_packet_filter()\n hyperv: Fix the max_xfer_size in RNDIS initialization\n vxlan: put UDP socket in correct namespace\n vxlan: Depend on CONFIG_INET\n sfc: Fix the reported priorities of different filter types\n sfc: Remove EFX_FILTER_FLAG_RX_OVERRIDE_IP\n sfc: Fix loopback self-test with separate_tx_channels\u003d1\n sfc: Fix MCDI structure field lookup\n sfc: Add parentheses around use of bitfield macro arguments\n sfc: Fix null function pointer in efx_sriov_channel_type\n vxlan: virtual extensible lan\n igmp: export symbol ip_mc_leave_group\n netlink: add attributes to fdb interface\n tg3: unconditionally select HWMON support when tg3 is enabled.\n Revert \"net: ti cpsw ethernet: allow reading phy interface mode from DT\"\n gre: fix sparse warning\n ...\n" }, { "commit": "cca080d9b622094831672a136e5ee4f702d116b1", "tree": "7a8238c1c0a0d4de682e0ebb97dc06ab3a18fdb5", "parents": [ "e1760bd5ffae8cb98cffb030ee8e631eba28f3d8" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Tue Feb 07 16:53:48 2012 -0800" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Tue Sep 18 01:00:26 2012 -0700" }, "message": "userns: Convert audit to work with user namespaces enabled\n\n- Explicitly format uids gids in audit messges in the initial user\n namespace. This is safe because auditd is restrected to be in\n the initial user namespace.\n\n- Convert audit_sig_uid into a kuid_t.\n\n- Enable building the audit code and user namespaces at the same time.\n\nThe net result is that the audit subsystem now uses kuid_t and kgid_t whenever\npossible making it almost impossible to confuse a raw uid_t with a kuid_t\npreventing bugs.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n" }, { "commit": "e1760bd5ffae8cb98cffb030ee8e631eba28f3d8", "tree": "4694a60b407c418bf7de4b97355dc3bd0e6c6559", "parents": [ "ca57ec0f00c3f139c41bf6b0a5b9bcc95bbb2ad7" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 10 22:39:43 2012 -0700" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 17 18:08:54 2012 -0700" }, "message": "userns: Convert the audit loginuid to be a kuid\n\nAlways store audit loginuids in type kuid_t.\n\nPrint loginuids by converting them into uids in the appropriate user\nnamespace, and then printing the resulting uid.\n\nModify audit_get_loginuid to return a kuid_t.\n\nModify audit_set_loginuid to take a kuid_t.\n\nModify /proc/\u003cpid\u003e/loginuid on read to convert the loginuid into the\nuser namespace of the opener of the file.\n\nModify /proc/\u003cpid\u003e/loginud on write to convert the loginuid\nrom the user namespace of the opener of the file.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Paul Moore \u003cpaul@paul-moore.com\u003e ?\nCc: David Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n" }, { "commit": "860c0aaff75e714c21d325f32d36a37572b4fffb", "tree": "2cbe5e79108da3a44ba5e5af7fbe07d22f1ed35a", "parents": [ "017143fecb3364e5fed8107d206799899f5dd684" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Tue Sep 11 00:24:49 2012 -0700" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 17 18:07:40 2012 -0700" }, "message": "audit: Don\u0027t pass pid or uid to audit_log_common_recv_msg\n\nThe only place we use the uid and the pid that we calculate in\naudit_receive_msg is in audit_log_common_recv_msg so move the\ncalculation of these values into the audit_log_common_recv_msg.\n\nSimplify the calcuation of the current pid and uid by\nreading them from current instead of reading them from\nNETLINK_CREDS.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n" }, { "commit": "017143fecb3364e5fed8107d206799899f5dd684", "tree": "b0dcb667e86fb479a0f03e1489144507fe4bda26", "parents": [ "35ce9888ad2a60c95849551e7345bd547714bbff" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Tue Sep 11 00:19:06 2012 -0700" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 17 18:07:07 2012 -0700" }, "message": "audit: Remove the unused uid parameter from audit_receive_filter\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n" }, { "commit": "35ce9888ad2a60c95849551e7345bd547714bbff", "tree": "fe2b6e151fc9a735faebe05a57506295becfddf2", "parents": [ "8aa14b64981ee4b95959e1ed331b672d053aab62" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Tue Sep 11 00:12:29 2012 -0700" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 17 18:06:14 2012 -0700" }, "message": "audit: Properly set the origin port id of audit messages.\n\nFor user generated audit messages set the portid field in the netlink\nheader to the netlink port where the user generated audit message came\nfrom. Reporting the process id in a port id field was just nonsense.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n" }, { "commit": "8aa14b64981ee4b95959e1ed331b672d053aab62", "tree": "961b0db4505ea2885562a0fd230bf67503f5cd28", "parents": [ "f95732e2e0a649c148be0242b72e3c7473092687" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 10 23:43:14 2012 -0700" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 17 18:04:33 2012 -0700" }, "message": "audit: Simply AUDIT_TTY_SET and AUDIT_TTY_GET\n\nUse current instead of looking up the current up the current task by\nprocess identifier. Netlink requests are processed in trhe context of\nthe sending task so this is safe.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n" }, { "commit": "f95732e2e0a649c148be0242b72e3c7473092687", "tree": "3bcc942e4456bc95ac43ccdf619425aa24f00873", "parents": [ "02276bda4a2bf094fcde89fb5db4d9e86347ebf4" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 10 23:31:17 2012 -0700" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 17 18:03:59 2012 -0700" }, "message": "audit: kill audit_prepare_user_tty\n\nNow that netlink messages are processed in the context of the sender\ntty_audit_push_task can be called directly and audit_prepare_user_tty\nwhich only added looking up the task of the tty by process id is\nnot needed.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n" }, { "commit": "02276bda4a2bf094fcde89fb5db4d9e86347ebf4", "tree": "7f06da4dd9757c353133b9c512334daf96cfec1e", "parents": [ "34e36d8ecbd958bc15f8e63deade1227de337eb1" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 10 23:10:16 2012 -0700" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 17 18:03:31 2012 -0700" }, "message": "audit: Use current instead of NETLINK_CREDS() in audit_filter\n\nGet caller process uid and gid and pid values from the current task\ninstead of the NETLINK_CB. This is simpler than passing NETLINK_CREDS\nfrom from audit_receive_msg to audit_filter_user_rules and avoid the\nchance of being hit by the occassional bugs in netlink uid/gid\ncredential passing. This is a safe changes because all netlink\nrequests are processed in the task of the sending process.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n" }, { "commit": "34e36d8ecbd958bc15f8e63deade1227de337eb1", "tree": "2b6f98480e7a035c2910e39d68ca1ff453a98f89", "parents": [ "c6089735e7243a10faad676680c6e18d50959f74" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 10 23:20:20 2012 -0700" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Mon Sep 17 17:38:42 2012 -0700" }, "message": "audit: Limit audit requests to processes in the initial pid and user namespaces.\n\nThis allows the code to safely make the assumption that all of the\nuids gids and pids that need to be send in audit messages are in the\ninitial namespaces.\n\nIf someone cares we may lift this restriction someday but start with\nlimiting access so at least the code is always correct.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n" }, { "commit": "15e473046cb6e5d18a4d0057e61d76315230382b", "tree": "893d2df5d46a6ce156933ac57a1398f0ad22b889", "parents": [ "9f00d9776bc5beb92e8bfc884a7e96ddc5589e2e" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Fri Sep 07 20:12:54 2012 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Sep 10 15:30:41 2012 -0400" }, "message": "netlink: Rename pid to portid to avoid confusion\n\nIt is a frequent mistake to confuse the netlink port identifier with a\nprocess identifier. Try to reduce this confusion by renaming fields\nthat hold port identifiers portid instead of pid.\n\nI have carefully avoided changing the structures exported to\nuserspace to avoid changing the userspace API.\n\nI have successfully built an allyesconfig kernel with this change.\n\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nAcked-by: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "9f00d9776bc5beb92e8bfc884a7e96ddc5589e2e", "tree": "2a9f9513a13c73cb1196ebe3426389c1140e2888", "parents": [ "9785e10aedfa0fad5c1aac709dce5ada1b123783" ], "author": { "name": "Pablo Neira Ayuso", "email": "pablo@netfilter.org", "time": "Sat Sep 08 02:53:54 2012 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Sep 08 18:46:30 2012 -0400" }, "message": "netlink: hide struct module parameter in netlink_kernel_create\n\nThis patch defines netlink_kernel_create as a wrapper function of\n__netlink_kernel_create to hide the struct module *me parameter\n(which seems to be THIS_MODULE in all existing netlink subsystems).\n\nSuggested by David S. Miller.\n\nSigned-off-by: Pablo Neira Ayuso \u003cpablo@netfilter.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "a0e881b7c189fa2bd76c024dbff91e79511c971d", "tree": "0c801918565b08921d21aceee5b326f64d998f5f", "parents": [ "eff0d13f3823f35d70228cd151d2a2c89288ff32", "dbc6e0222d79e78925fe20733844a796a4b72cf9" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Aug 01 10:26:23 2012 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Aug 01 10:26:23 2012 -0700" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs\n\nPull second vfs pile from Al Viro:\n \"The stuff in there: fsfreeze deadlock fixes by Jan (essentially, the\n deadlock reproduced by xfstests 068), symlink and hardlink restriction\n patches, plus assorted cleanups and fixes.\n\n Note that another fsfreeze deadlock (emergency thaw one) is *not*\n dealt with - the series by Fernando conflicts a lot with Jan\u0027s, breaks\n userland ABI (FIFREEZE semantics gets changed) and trades the deadlock\n for massive vfsmount leak; this is going to be handled next cycle.\n There probably will be another pull request, but that stuff won\u0027t be\n in it.\"\n\nFix up trivial conflicts due to unrelated changes next to each other in\ndrivers/{staging/gdm72xx/usb_boot.c, usb/gadget/storage_common.c}\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (54 commits)\n delousing target_core_file a bit\n Documentation: Correct s_umount state for freeze_fs/unfreeze_fs\n fs: Remove old freezing mechanism\n ext2: Implement freezing\n btrfs: Convert to new freezing mechanism\n nilfs2: Convert to new freezing mechanism\n ntfs: Convert to new freezing mechanism\n fuse: Convert to new freezing mechanism\n gfs2: Convert to new freezing mechanism\n ocfs2: Convert to new freezing mechanism\n xfs: Convert to new freezing code\n ext4: Convert to new freezing mechanism\n fs: Protect write paths by sb_start_write - sb_end_write\n fs: Skip atime update on frozen filesystem\n fs: Add freezing handling to mnt_want_write() / mnt_drop_write()\n fs: Improve filesystem freezing handling\n switch the protection of percpu_counter list to spinlock\n nfsd: Push mnt_want_write() outside of i_mutex\n btrfs: Push mnt_want_write() outside of i_mutex\n fat: Push mnt_want_write() outside of i_mutex\n ...\n" }, { "commit": "a51d9eaa41866ab6b4b6ecad7b621f8b66ece0dc", "tree": "f8ab532f946ec7f9ccdabb6a394d952981084122", "parents": [ "800179c9b8a1e796e441674776d11cd4c05d61d7" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Wed Jul 25 17:29:08 2012 -0700" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jul 29 21:43:08 2012 +0400" }, "message": "fs: add link restriction audit reporting\n\nAdds audit messages for unexpected link restriction violations so that\nsystem owners will have some sort of potentially actionable information\nabout misbehaving processes.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "a31f2d17b331db970259e875b7223d3aba7e3821", "tree": "0d10021be81446ab360f4240b0d16729f518387f", "parents": [ "dd7f36ba3ce17d4fe85987d83efd5901b0935816" ], "author": { "name": "Pablo Neira Ayuso", "email": "pablo@netfilter.org", "time": "Fri Jun 29 06:15:21 2012 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Jun 29 16:46:02 2012 -0700" }, "message": "netlink: add netlink_kernel_cfg parameter to netlink_kernel_create\n\nThis patch adds the following structure:\n\nstruct netlink_kernel_cfg {\n unsigned int groups;\n void (*input)(struct sk_buff *skb);\n struct mutex *cb_mutex;\n};\n\nThat can be passed to netlink_kernel_create to set optional configurations\nfor netlink kernel sockets.\n\nI\u0027ve populated this structure by looking for NULL and zero parameters at the\nexisting code. The remaining parameters that always need to be set are still\nleft in the original interface.\n\nThat includes optional parameters for the netlink socket creation. This allows\neasy extensibility of this interface in the future.\n\nThis patch also adapts all callers to use this new interface.\n\nSigned-off-by: Pablo Neira Ayuso \u003cpablo@netfilter.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "c64e66c67b574f25a048886807c2007d17d50d0a", "tree": "db193766a1246bcff49de9f8b8b2a286979e3299", "parents": [ "e05273341c573f7b543f45c06e4a232c5b7c5a59" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Jun 26 21:45:21 2012 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Jun 26 21:54:14 2012 -0700" }, "message": "audit: netlink: Move away from NLMSG_NEW().\n\nAnd use nlmsg_data() while we\u0027re here too.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "66b3fad3f4c535c92b6a1184d535a97d6aa5d82a", "tree": "e0ac7f847b760b9e8b9777df27cd1581099935a2", "parents": [ "9fcf03d0d6e845ed495fc8b1ec328b473ff298b3" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Mar 14 21:48:20 2012 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Mar 20 21:29:40 2012 -0400" }, "message": "constify path argument of audit_log_d_path()\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "f429ee3b808118591d1f3cdf3c0d0793911a5677", "tree": "96d848f5f677d96758ecd2aee5eb6931b75bf218", "parents": [ "22b4eb5e3174efb49791c62823d0cccc35394c36", "c158a35c8a681cf68d36f22f058f9f5466386c71" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 17 16:06:51 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 17 16:41:31 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit: (29 commits)\n audit: no leading space in audit_log_d_path prefix\n audit: treat s_id as an untrusted string\n audit: fix signedness bug in audit_log_execve_info()\n audit: comparison on interprocess fields\n audit: implement all object interfield comparisons\n audit: allow interfield comparison between gid and ogid\n audit: complex interfield comparison helper\n audit: allow interfield comparison in audit rules\n Kernel: Audit Support For The ARM Platform\n audit: do not call audit_getname on error\n audit: only allow tasks to set their loginuid if it is -1\n audit: remove task argument to audit_set_loginuid\n audit: allow audit matching on inode gid\n audit: allow matching on obj_uid\n audit: remove audit_finish_fork as it can\u0027t be called\n audit: reject entry,always rules\n audit: inline audit_free to simplify the look of generic code\n audit: drop audit_set_macxattr as it doesn\u0027t do anything\n audit: inline checks for not needing to collect aux records\n audit: drop some potentially inadvisable likely notations\n ...\n\nUse evil merge to fix up grammar mistakes in Kconfig file.\n\nBad speling and horrible grammar (and copious swearing) is to be\nexpected, but let\u0027s keep it to commit messages and comments, rather than\nexpose it to users in config help texts or printouts.\n" }, { "commit": "c158a35c8a681cf68d36f22f058f9f5466386c71", "tree": "54a7fe4d21a30848539b2bf94c885f0a0b123717", "parents": [ "41fdc3054e23e3229edea27053522fe052d02ec2" ], "author": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Fri Jan 06 14:07:10 2012 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 17 16:17:04 2012 -0500" }, "message": "audit: no leading space in audit_log_d_path prefix\n\naudit_log_d_path() injects an additional space before the prefix,\nwhich serves no purpose and doesn\u0027t mix well with other audit_log*()\nfunctions that do not sneak extra characters into the log.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "3035c51e8ac0512686ceb9f2bd1d13bdc6e4fb29", "tree": "7c26ee810b6d6678f960cf1bb5880055ac4c793f", "parents": [ "5195d8e217a78697152d64fc09a16e063a022465" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 14:23:05 2012 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jan 17 16:16:54 2012 -0500" }, "message": "audit: drop the meaningless and format breaking word \u0027user\u0027\n\nuserspace audit messages look like so:\n\ntype\u003dUSER msg\u003daudit(1271170549.415:24710): user pid\u003d14722 uid\u003d0 auid\u003d500 ses\u003d1 subj\u003dunconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 msg\u003d\u0027\u0027\n\nThat third field just says \u0027user\u0027. That\u0027s useless and doesn\u0027t follow the\nkey\u003dvalue pair we are trying to enforce. We already know it came from the\nuser based on the record type. Kill that word. Die.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "c49c41a4134679cecb77362e7f6b59acb6320aa7", "tree": "45e690c036ca5846a48c8be67945d1d841b2d96d", "parents": [ "892d208bcf79e4e1058707786a7b6d486697cd78", "f423e5ba76e7e4a6fcb4836b4f072d1fdebba8b5" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Jan 14 18:36:33 2012 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Jan 14 18:36:33 2012 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security\n\n* \u0027for-linus\u0027 of git://selinuxproject.org/~jmorris/linux-security:\n capabilities: remove __cap_full_set definition\n security: remove the security_netlink_recv hook as it is equivalent to capable()\n ptrace: do not audit capability check when outputing /proc/pid/stat\n capabilities: remove task_ns_* functions\n capabitlies: ns_capable can use the cap helpers rather than lsm call\n capabilities: style only - move capable below ns_capable\n capabilites: introduce new has_ns_capabilities_noaudit\n capabilities: call has_ns_capability from has_capability\n capabilities: remove all _real_ interfaces\n capabilities: introduce security_capable_noaudit\n capabilities: reverse arguments to security_capable\n capabilities: remove the task from capable LSM hook entirely\n selinux: sparse fix: fix several warnings in the security server cod\n selinux: sparse fix: fix warnings in netlink code\n selinux: sparse fix: eliminate warnings for selinuxfs\n selinux: sparse fix: declare selinux_disable() in security.h\n selinux: sparse fix: move selinux_complete_init\n selinux: sparse fix: make selinux_secmark_refcount static\n SELinux: Fix RCU deref check warning in sel_netport_insert()\n\nManually fix up a semantic mis-merge wrt security_netlink_recv():\n\n - the interface was removed in commit fd7784615248 (\"security: remove\n the security_netlink_recv hook as it is equivalent to capable()\")\n\n - a new user of it appeared in commit a38f7907b926 (\"crypto: Add\n userspace configuration API\")\n\ncausing no automatic merge conflict, but Eric Paris pointed out the\nissue.\n" }, { "commit": "a0e86bd4252519321b0d102dc4ed90557aa7bee9", "tree": "13c3cb632dfb85ea6b9f5c20273d793a99b20f15", "parents": [ "7dd72f5189b257f927cc3b35d98643a5c392f5c3" ], "author": { "name": "Jesper Juhl", "email": "jj@chaosbits.net", "time": "Sun Jan 08 22:44:29 2012 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sun Jan 08 14:15:21 2012 -0800" }, "message": "audit: always follow va_copy() with va_end()\n\nA call to va_copy() should always be followed by a call to va_end() in\nthe same function. In kernel/autit.c::audit_log_vformat() this is not\nalways done. This patch makes sure va_end() is always called.\n\nSigned-off-by: Jesper Juhl \u003cjj@chaosbits.net\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "fd778461524849afd035679030ae8e8873c72b81", "tree": "32a5849c1879413fce0307af304e372eaa8225b4", "parents": [ "69f594a38967f4540ce7a29b3fd214e68a8330bd" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Tue Jan 03 12:25:16 2012 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jan 05 18:53:01 2012 -0500" }, "message": "security: remove the security_netlink_recv hook as it is equivalent to capable()\n\nOnce upon a time netlink was not sync and we had to get the effective\ncapabilities from the skb that was being received. Today we instead get\nthe capabilities from the current task. This has rendered the entire\npurpose of the hook moot as it is now functionally equivalent to the\ncapable() call.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" } ], "next": "9984de1a5a8a96275fcab818f7419af5a3c86e71" }