)]}'
{
  "log": [
    {
      "commit": "c0a3a20b6c4b5229ef5d26fd9b1c4b1957632aa7",
      "tree": "3809e683c054ba7e285db493aad31132e7ea9681",
      "parents": [
        "829199197a430dade2519d54f5545c4a094393b8"
      ],
      "author": {
        "name": "Mike Frysinger",
        "email": "vapier@gentoo.org",
        "time": "Fri Jan 11 14:32:13 2013 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Jan 11 14:54:56 2013 -0800"
      },
      "message": "linux/audit.h: move ptrace.h include to kernel header\n\nWhile the kernel internals want pt_regs (and so it includes\nlinux/ptrace.h), the user version of audit.h does not need it.  So move\nthe include out of the uapi version.\n\nThis avoids issues where people want the audit defines and userland\nptrace api.  Including both the kernel ptrace and the userland ptrace\nheaders can easily lead to failure.\n\nSigned-off-by: Mike Frysinger \u003cvapier@gentoo.org\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nReviewed-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "7b9205bd775afc4439ed86d617f9042ee9e76a71",
      "tree": "cfb91447f15301d7daccc73bda12a63fde6a229d",
      "parents": [
        "56ca9d98772c68368c929ab41d42108319a38da2"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Fri Jan 11 14:32:05 2013 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Jan 11 14:54:55 2013 -0800"
      },
      "message": "audit: create explicit AUDIT_SECCOMP event type\n\nThe seccomp path was using AUDIT_ANOM_ABEND from when seccomp mode 1\ncould only kill a process.  While we still want to make sure an audit\nrecord is forced on a kill, this should use a separate record type since\nseccomp mode 2 introduces other behaviors.\n\nIn the case of \"handled\" behaviors (process wasn\u0027t killed), only emit a\nrecord if the process is under inspection.  This change also fixes\nuserspace examination of seccomp audit events, since it was considered\nmalformed due to missing fields of the AUDIT_ANOM_ABEND event type.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Jeff Layton \u003cjlayton@redhat.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Julien Tinnes \u003cjln@google.com\u003e\nAcked-by: Will Drewry \u003cwad@chromium.org\u003e\nAcked-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nCc: Andrea Arcangeli \u003caarcange@redhat.com\u003e\nCc: \u003cstable@vger.kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "607ca46e97a1b6594b29647d98a32d545c24bdff",
      "tree": "30f4c0784bfddb57332cdc0678bd06d1e77fa185",
      "parents": [
        "08cce05c5a91f5017f4edc9866cf026908c73f9f"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Sat Oct 13 10:46:48 2012 +0100"
      },
      "committer": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Sat Oct 13 10:46:48 2012 +0100"
      },
      "message": "UAPI: (Scripted) Disintegrate include/linux\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Arnd Bergmann \u003carnd@arndb.de\u003e\nAcked-by: Thomas Gleixner \u003ctglx@linutronix.de\u003e\nAcked-by: Michael Kerrisk \u003cmtk.manpages@gmail.com\u003e\nAcked-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nAcked-by: Dave Jones \u003cdavej@redhat.com\u003e\n"
    },
    {
      "commit": "18a022de47bc11ee20d7d0f4dd72d42d2cfdc51c",
      "tree": "84e178e4e475400f8e9a5c74f1e2cb35ee17fca4",
      "parents": [
        "02a650e2820e19fde8f6a49752027217fdd33d78",
        "d23b5799b608112bb799c9b0e1e11ee1da692d76"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Oct 13 11:25:41 2012 +0900"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Oct 13 11:25:41 2012 +0900"
      },
      "message": "Merge tag \u0027for-3.7\u0027 of git://openrisc.net/jonas/linux\n\nPull OpenRISC updates from Jonas Bonn:\n \"Fixups for some corner cases, build issues, and some obvious bugs in\n  IRQ handling.  No major changes.\"\n\n* tag \u0027for-3.7\u0027 of git://openrisc.net/jonas/linux:\n  openrisc: mask interrupts in irq_mask_ack function\n  openrisc: fix typos in comments and warnings\n  openrisc: PIC should act on domain-local irqs\n  openrisc: Make cpu_relax() invoke barrier()\n  audit: define AUDIT_ARCH_OPENRISC\n  openrisc: delay: fix handling of counter overflow\n  openrisc: delay: fix loops calculation for __const_udelay\n"
    },
    {
      "commit": "adb5c2473d3f91526c79db972aafb20a56d3fbb3",
      "tree": "f0427a11a91af2f5a5d0037ce52c32633019120b",
      "parents": [
        "669abf4e5539c8aa48bf28c965be05c0a7b58a27"
      ],
      "author": {
        "name": "Jeff Layton",
        "email": "jlayton@redhat.com",
        "time": "Wed Oct 10 16:43:13 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Oct 12 20:15:09 2012 -0400"
      },
      "message": "audit: make audit_inode take struct filename\n\nKeep a pointer to the audit_names \"slot\" in struct filename.\n\nHave all of the audit_inode callers pass a struct filename pointer to\naudit_inode instead of a string pointer. If the aname field is already\npopulated, then we can skip walking the list altogether and just use it\ndirectly.\n\nSigned-off-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "7ac86265dc8f665cc49d6e60a125e608cd2fca14",
      "tree": "9e7941e2d8dfb2106c5fb28504531dafc72e14e6",
      "parents": [
        "91a27b2a756784714e924e5e854b919273082d26"
      ],
      "author": {
        "name": "Jeff Layton",
        "email": "jlayton@redhat.com",
        "time": "Wed Oct 10 15:25:28 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Oct 12 20:15:08 2012 -0400"
      },
      "message": "audit: allow audit code to satisfy getname requests from its names_list\n\nCurrently, if we call getname() on a userland string more than once,\nwe\u0027ll get multiple copies of the string and multiple audit_names\nrecords.\n\nAdd a function that will allow the audit_names code to satisfy getname\nrequests using info from the audit_names list, avoiding a new allocation\nand audit_names records.\n\nSigned-off-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "91a27b2a756784714e924e5e854b919273082d26",
      "tree": "3913246b7d6e62703ec915f481e3a7159393f0f0",
      "parents": [
        "8e377d15078a501c4da98471f56396343c407d92"
      ],
      "author": {
        "name": "Jeff Layton",
        "email": "jlayton@redhat.com",
        "time": "Wed Oct 10 15:25:28 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Oct 12 20:14:55 2012 -0400"
      },
      "message": "vfs: define struct filename and have getname() return it\n\ngetname() is intended to copy pathname strings from userspace into a\nkernel buffer. The result is just a string in kernel space. It would\nhowever be quite helpful to be able to attach some ancillary info to\nthe string.\n\nFor instance, we could attach some audit-related info to reduce the\namount of audit-related processing needed. When auditing is enabled,\nwe could also call getname() on the string more than once and not\nneed to recopy it from userspace.\n\nThis patchset converts the getname()/putname() interfaces to return\na struct instead of a string. For now, the struct just tracks the\nstring in kernel space and the original userland pointer for it.\n\nLater, we\u0027ll add other information to the struct as it becomes\nconvenient.\n\nSigned-off-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "4fa6b5ecbf092c6ee752ece8a55d71f663d23254",
      "tree": "6143912dc73b457a3be72faf31d46d855d3f87c3",
      "parents": [
        "e3d6b07b8ba161f638b026feba0c3c97875d7f1c"
      ],
      "author": {
        "name": "Jeff Layton",
        "email": "jlayton@redhat.com",
        "time": "Wed Oct 10 15:25:25 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Oct 12 00:32:03 2012 -0400"
      },
      "message": "audit: overhaul __audit_inode_child to accommodate retrying\n\nIn order to accommodate retrying path-based syscalls, we need to add a\nnew \"type\" argument to audit_inode_child. This will tell us whether\nwe\u0027re looking for a child entry that represents a create or a delete.\n\nIf we find a parent, don\u0027t automatically assume that we need to create a\nnew entry. Instead, use the information we have to try to find an\nexisting entry first. Update it if one is found and create a new one if\nnot.\n\nSigned-off-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "bfcec7087458812f575d9022b2d151641f34ee84",
      "tree": "6c0f7dd3b016992da8d113ceeaae404c6abc03a1",
      "parents": [
        "78e2e802a8519031e5858595070b39713e26340d"
      ],
      "author": {
        "name": "Jeff Layton",
        "email": "jlayton@redhat.com",
        "time": "Wed Oct 10 15:25:23 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Oct 12 00:32:01 2012 -0400"
      },
      "message": "audit: set the name_len in audit_inode for parent lookups\n\nCurrently, this gets set mostly by happenstance when we call into\naudit_inode_child. While that might be a little more efficient, it seems\nwrong. If the syscall ends up failing before audit_inode_child ever gets\ncalled, then you\u0027ll have an audit_names record that shows the full path\nbut has the parent inode info attached.\n\nFix this by passing in a parent flag when we call audit_inode that gets\nset to the value of LOOKUP_PARENT. We can then fix up the pathname for\nthe audit entry correctly from the get-go.\n\nWhile we\u0027re at it, clean up the no-op macro for audit_inode in the\n!CONFIG_AUDITSYSCALL case.\n\nSigned-off-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "78e2e802a8519031e5858595070b39713e26340d",
      "tree": "92f79d2039f4119a127ab59e31a2d1c9dfb892fe",
      "parents": [
        "c43a25abba97c7d87131e71db6be24b24d7791a5"
      ],
      "author": {
        "name": "Jeff Layton",
        "email": "jlayton@redhat.com",
        "time": "Wed Oct 10 15:25:22 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Oct 12 00:32:00 2012 -0400"
      },
      "message": "audit: add a new \"type\" field to audit_names struct\n\nFor now, we just have two possibilities:\n\nUNKNOWN: for a new audit_names record that we don\u0027t know anything about yet\nNORMAL: for everything else\n\nIn later patches, we\u0027ll add other types so we can distinguish and update\nrecords created under different circumstances.\n\nSigned-off-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "c43a25abba97c7d87131e71db6be24b24d7791a5",
      "tree": "0fe959853254064e17805ca111838e7869720e43",
      "parents": [
        "9cec9d68ae53aae60b4a1fca4505c75a1d026392"
      ],
      "author": {
        "name": "Jeff Layton",
        "email": "jlayton@redhat.com",
        "time": "Wed Oct 10 15:25:21 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Oct 12 00:32:00 2012 -0400"
      },
      "message": "audit: reverse arguments to audit_inode_child\n\nMost of the callers get called with an inode and dentry in the reverse\norder. The compiler then has to reshuffle the arg registers and/or\nstack in order to pass them on to audit_inode_child.\n\nReverse those arguments for a micro-optimization.\n\nReported-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "9321d526dd731588f09508af48de50041785a26a",
      "tree": "b8db96367019c85c18e8685d8cc9225b2d0332ec",
      "parents": [
        "ecefbd94b834fa32559d854646d777c56749ef1c"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Thu Oct 04 17:11:11 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Oct 06 03:04:35 2012 +0900"
      },
      "message": "audit.h: replace defines with C stubs\n\nReplace the #defines used when CONFIG_AUDIT or CONFIG_AUDIT_SYSCALLS are\ndisabled so we get type checking during those builds.\n\nSuggested-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "88265322c14cce39f7afbc416726ef4fac413298",
      "tree": "e4956f905ef617971f87788d8f8a09dbb66b70a3",
      "parents": [
        "65b99c74fdd325d1ffa2e5663295888704712604",
        "bf5308344527d015ac9a6d2bda4ad4d40fd7d943"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 02 21:38:48 2012 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Oct 02 21:38:48 2012 -0700"
      },
      "message": "Merge branch \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security\n\nPull security subsystem updates from James Morris:\n \"Highlights:\n\n   - Integrity: add local fs integrity verification to detect offline\n     attacks\n   - Integrity: add digital signature verification\n   - Simple stacking of Yama with other LSMs (per LSS discussions)\n   - IBM vTPM support on ppc64\n   - Add new driver for Infineon I2C TIS TPM\n   - Smack: add rule revocation for subject labels\"\n\nFixed conflicts with the user namespace support in kernel/auditsc.c and\nsecurity/integrity/ima/ima_policy.c.\n\n* \u0027next\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (39 commits)\n  Documentation: Update git repository URL for Smack userland tools\n  ima: change flags container data type\n  Smack: setprocattr memory leak fix\n  Smack: implement revoking all rules for a subject label\n  Smack: remove task_wait() hook.\n  ima: audit log hashes\n  ima: generic IMA action flag handling\n  ima: rename ima_must_appraise_or_measure\n  audit: export audit_log_task_info\n  tpm: fix tpm_acpi sparse warning on different address spaces\n  samples/seccomp: fix 31 bit build on s390\n  ima: digital signature verification support\n  ima: add support for different security.ima data types\n  ima: add ima_inode_setxattr/removexattr function and calls\n  ima: add inode_post_setattr call\n  ima: replace iint spinblock with rwlock/read_lock\n  ima: allocating iint improvements\n  ima: add appraise action keywords and default rules\n  ima: integrity appraisal extension\n  vfs: move ima_file_free before releasing the file\n  ...\n"
    },
    {
      "commit": "e2bebb4ae6d9ac4ffc524db67f7ecb205a173f77",
      "tree": "d34c284f1e0a78cfd1eb01d339f6ebb2529a32ea",
      "parents": [
        "807607f79b9d0ed81561746e4e1121905e75cf0f"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Thu Sep 20 15:46:06 2012 -0700"
      },
      "committer": {
        "name": "Jonas Bonn",
        "email": "jonas@southpole.se",
        "time": "Fri Sep 21 08:09:54 2012 +0200"
      },
      "message": "audit: define AUDIT_ARCH_OPENRISC\n\nWhen using audit on OpenRISC, an audit arch is needed. This defines\nit and fixes a compile-time bug uncovered in linux-next, likely from a\ncut/paste from an arch with 64/32-bit modes that defined arch_arch():\narch/openrisc/kernel/ptrace.c:190:2: error: implicit declaration of function \u0027audit_arch\u0027\n\nThis replaces it with the newly defined AUDIT_ARCH_OPENRISC, since it\nis only 32-bit, and currently only operates in big-endian mode.\n\nReported-by: Geert Uytterhoeven \u003cgeert@linux-m68k.org\u003e\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: Jonas Bonn \u003cjonas@southpole.se\u003e\n"
    },
    {
      "commit": "e1760bd5ffae8cb98cffb030ee8e631eba28f3d8",
      "tree": "4694a60b407c418bf7de4b97355dc3bd0e6c6559",
      "parents": [
        "ca57ec0f00c3f139c41bf6b0a5b9bcc95bbb2ad7"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Mon Sep 10 22:39:43 2012 -0700"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Mon Sep 17 18:08:54 2012 -0700"
      },
      "message": "userns: Convert the audit loginuid to be a kuid\n\nAlways store audit loginuids in type kuid_t.\n\nPrint loginuids by converting them into uids in the appropriate user\nnamespace, and then printing the resulting uid.\n\nModify audit_get_loginuid to return a kuid_t.\n\nModify audit_set_loginuid to take a kuid_t.\n\nModify /proc/\u003cpid\u003e/loginuid on read to convert the loginuid into the\nuser namespace of the opener of the file.\n\nModify /proc/\u003cpid\u003e/loginuid on write to convert the loginuid\nfrom the user namespace of the opener of the file.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nCc: Paul Moore \u003cpaul@paul-moore.com\u003e ?\nCc: David Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "ca57ec0f00c3f139c41bf6b0a5b9bcc95bbb2ad7",
      "tree": "874ac71ed75f3c9b44eca7dbd8efef16d481827d",
      "parents": [
        "860c0aaff75e714c21d325f32d36a37572b4fffb"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Tue Sep 11 02:18:08 2012 -0700"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Mon Sep 17 18:08:09 2012 -0700"
      },
      "message": "audit: Add typespecific uid and gid comparators\n\nThe audit filter code guarantees that uid are always compared with\nuids and gids are always compared with gids, as the comparison\noperations are type specific.  Take advantage of this property to define\naudit_uid_comparator and audit_gid_comparator which use the type safe\ncomparisons from uidgid.h.\n\nBuild on audit_uid_comparator and audit_gid_comparator and replace\naudit_compare_id with audit_compare_uid and audit_compare_gid.  This\nis one of those odd cases where being type safe and duplicating code\nleads to simpler shorter and more concise code.\n\nDon\u0027t allow bitmask operations in uid and gid comparisons in\naudit_data_to_entry.  Bitmask operations are already denied in\naudit_rule_to_entry.\n\nConvert constants in audit_rule_to_entry and audit_data_to_entry into\nkuids and kgids when appropriate.\n\nConvert the uid and gid field in struct audit_names to be of type\nkuid_t and kgid_t respectively, so that the new uid and gid comparators\ncan be applied in a type safe manner.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "017143fecb3364e5fed8107d206799899f5dd684",
      "tree": "b0dcb667e86fb479a0f03e1489144507fe4bda26",
      "parents": [
        "35ce9888ad2a60c95849551e7345bd547714bbff"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Tue Sep 11 00:19:06 2012 -0700"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Mon Sep 17 18:07:07 2012 -0700"
      },
      "message": "audit: Remove the unused uid parameter from audit_receive_filter\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "02276bda4a2bf094fcde89fb5db4d9e86347ebf4",
      "tree": "7f06da4dd9757c353133b9c512334daf96cfec1e",
      "parents": [
        "34e36d8ecbd958bc15f8e63deade1227de337eb1"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Mon Sep 10 23:10:16 2012 -0700"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Mon Sep 17 18:03:31 2012 -0700"
      },
      "message": "audit: Use current instead of NETLINK_CREDS() in audit_filter\n\nGet caller process uid and gid and pid values from the current task\ninstead of the NETLINK_CB.  This is simpler than passing NETLINK_CREDS\nfrom audit_receive_msg to audit_filter_user_rules and avoid the\nchance of being hit by the occasional bugs in netlink uid/gid\ncredential passing.  This is a safe change because all netlink\nrequests are processed in the task of the sending process.\n\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "e23eb920b0f3978687c497de2ac3eb9e281dab32",
      "tree": "c4b2a7765b330a901d0f9c6ff30b14855ddab088",
      "parents": [
        "a40695edad6a69561b299272028c172e2d981666"
      ],
      "author": {
        "name": "Peter Moody",
        "email": "pmoody@google.com",
        "time": "Thu Jun 14 10:04:35 2012 -0700"
      },
      "committer": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Sep 12 07:28:05 2012 -0400"
      },
      "message": "audit: export audit_log_task_info\n\nAt the suggestion of eparis@redhat.com, move this chunk of task\nlogging from audit_log_exit to audit_log_task_info and export this\nfunction so it\u0027s usable elsewhere in the kernel.\n\nThis patch is against\ngit://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity#next-ima-appraisal\n\nChangelog v2:\n - add empty audit_log_task_info if CONFIG_AUDITSYSCALL isn\u0027t set.\n\nChangelog v1:\n - Initial post.\n\nSigned-off-by: Peter Moody \u003cpmoody@google.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n"
    },
    {
      "commit": "a51d9eaa41866ab6b4b6ecad7b621f8b66ece0dc",
      "tree": "f8ab532f946ec7f9ccdabb6a394d952981084122",
      "parents": [
        "800179c9b8a1e796e441674776d11cd4c05d61d7"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Wed Jul 25 17:29:08 2012 -0700"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jul 29 21:43:08 2012 +0400"
      },
      "message": "fs: add link restriction audit reporting\n\nAdds audit messages for unexpected link restriction violations so that\nsystem owners will have some sort of potentially actionable information\nabout misbehaving processes.\n\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "3dc1c1b2d2ed7507ce8a379814ad75745ff97ebe",
      "tree": "68ca991b7a3d2fc7623f6d86ba5827d6638974fd",
      "parents": [
        "e2cfabdfd075648216f99c2c03821cf3f47c1727"
      ],
      "author": {
        "name": "Kees Cook",
        "email": "keescook@chromium.org",
        "time": "Thu Apr 12 16:47:58 2012 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "james.l.morris@oracle.com",
        "time": "Sat Apr 14 11:13:20 2012 +1000"
      },
      "message": "seccomp: remove duplicated failure logging\n\nThis consolidates the seccomp filter error logging path and adds more\ndetails to the audit log.\n\nSigned-off-by: Will Drewry \u003cwad@chromium.org\u003e\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n\nv18: make compat\u003d permanent in the record\nv15: added a return code to the audit_seccomp path by wad@chromium.org\n     (suggested by eparis@redhat.com)\nv*: original by keescook@chromium.org\nSigned-off-by: James Morris \u003cjames.l.morris@oracle.com\u003e\n"
    },
    {
      "commit": "66b3fad3f4c535c92b6a1184d535a97d6aa5d82a",
      "tree": "e0ac7f847b760b9e8b9777df27cd1581099935a2",
      "parents": [
        "9fcf03d0d6e845ed495fc8b1ec328b473ff298b3"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Mar 14 21:48:20 2012 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Mar 20 21:29:40 2012 -0400"
      },
      "message": "constify path argument of audit_log_d_path()\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "10d68360871657204885371cdf2594412675d2f9",
      "tree": "85a4fa8d3b0dc0a7bc525475325f955f75d3881d",
      "parents": [
        "4a6633ed08af5ba67790b4d1adcdeb8ceb55677e"
      ],
      "author": {
        "name": "Peter Moody",
        "email": "pmoody@google.com",
        "time": "Wed Jan 04 15:24:31 2012 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jan 17 16:17:03 2012 -0500"
      },
      "message": "audit: comparison on interprocess fields\n\nThis allows audit to specify rules in which we compare two fields of a\nprocess.  Such as is the running process uid !\u003d to the running process\neuid?\n\nSigned-off-by: Peter Moody \u003cpmoody@google.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "4a6633ed08af5ba67790b4d1adcdeb8ceb55677e",
      "tree": "8b658f732f742d3d3a40f84b39ce4aa42f70d538",
      "parents": [
        "c9fe685f7a17a0ee8bf3fbe51e40b1c8b8e65896"
      ],
      "author": {
        "name": "Peter Moody",
        "email": "pmoody@google.com",
        "time": "Tue Dec 13 16:17:51 2011 -0800"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jan 17 16:17:02 2012 -0500"
      },
      "message": "audit: implement all object interfield comparisons\n\nThis completes the matrix of interfield comparisons between uid/gid\ninformation for the current task and the uid/gid information for inodes.\naka I can audit based on differences between the euid of the process and\nthe uid of fs objects.\n\nSigned-off-by: Peter Moody \u003cpmoody@google.com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "c9fe685f7a17a0ee8bf3fbe51e40b1c8b8e65896",
      "tree": "510a09bc02c5dccb7ef83c88f2a00546b17e2c17",
      "parents": [
        "b34b039324bf081554ee8678f9b8c5d937e5206c"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Jan 03 14:23:08 2012 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jan 17 16:17:02 2012 -0500"
      },
      "message": "audit: allow interfield comparison between gid and ogid\n\nAllow audit rules to compare the gid of the running task to the gid of the\ninode in question.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "02d86a568c6d2d335256864451ac8ce781bc5652",
      "tree": "3ef085bd96cc79733cff28993379dbbd4b855813",
      "parents": [
        "29ef73b7a823b77a7cd0bdd7d7cded3fb6c2587b"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Jan 03 14:23:08 2012 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jan 17 16:17:01 2012 -0500"
      },
      "message": "audit: allow interfield comparison in audit rules\n\nWe wish to be able to audit when a uid\u003d500 task accesses a file which is\nuid\u003d0.  Or vice versa.  This patch introduces a new audit filter type\nAUDIT_FIELD_COMPARE which takes as an \u0027enum\u0027 which indicates which fields\nshould be compared.  At this point we only define the task-\u003euid vs\ninode-\u003euid, but other comparisons can be added.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "0a300be6d5be8f66cd96609334710c268d0bfdce",
      "tree": "253d0d1e0aa28a6bdf883bb92e4b62fafe263563",
      "parents": [
        "54d3218b31aee5bc9c859ae60fbde933d922448b"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Jan 03 14:23:08 2012 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jan 17 16:17:00 2012 -0500"
      },
      "message": "audit: remove task argument to audit_set_loginuid\n\nThe function always deals with current.  Don\u0027t expose an option\npretending one can use it for something.  You can\u0027t.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "54d3218b31aee5bc9c859ae60fbde933d922448b",
      "tree": "ebc383920713c283133d885191d0c19cb049afd2",
      "parents": [
        "efaffd6e4417860c67576ac760dd6e8bbd15f006"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Jan 03 14:23:07 2012 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jan 17 16:16:59 2012 -0500"
      },
      "message": "audit: allow audit matching on inode gid\n\nMuch like the ability to filter audit on the uid of an inode collected, we\nshould be able to filter on the gid of the inode.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "efaffd6e4417860c67576ac760dd6e8bbd15f006",
      "tree": "a59ee886b609bbf761fb75744e5e468264c67ab5",
      "parents": [
        "6422e78de6880c66a82af512d9bd0c85eb62e661"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Jan 03 14:23:07 2012 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jan 17 16:16:59 2012 -0500"
      },
      "message": "audit: allow matching on obj_uid\n\nAllow syscall exit filter matching based on the uid of the owner of an\ninode used in a syscall.  aka:\n\nauditctl -a always,exit -S open -F obj_uid\u003d0 -F perm\u003dwa\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "6422e78de6880c66a82af512d9bd0c85eb62e661",
      "tree": "9cce4d385a6508056be7645fd3511ab019b346f4",
      "parents": [
        "7ff68e53ece8c175d2951bb8a30b3cce8f9c5579"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Jan 03 14:23:07 2012 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jan 17 16:16:59 2012 -0500"
      },
      "message": "audit: remove audit_finish_fork as it can\u0027t be called\n\nAudit entry,always rules are not allowed and are automatically changed in\nexit,always rules in userspace.  The kernel refuses to load such rules.\n\nThus a task in the middle of a syscall (and thus in audit_finish_fork())\ncan only be in one of two states: AUDIT_BUILD_CONTEXT or AUDIT_DISABLED.\nSince the current task cannot be in AUDIT_RECORD_CONTEXT we aren\u0027t every\ngoing to actually use the code in audit_finish_fork() since it will\nreturn without doing anything.  Thus drop the code.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "a4ff8dba7d8ce5ceb43fb27df66292251cc73bdc",
      "tree": "2c89a0a7a7dad853a2c2ec70417ef2f3f5a04fd4",
      "parents": [
        "38cdce53daa0408a61fe6d86fe48f31515c9b840"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Jan 03 14:23:07 2012 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jan 17 16:16:58 2012 -0500"
      },
      "message": "audit: inline audit_free to simplify the look of generic code\n\nmake the conditional a static inline instead of doing it in generic code.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "38cdce53daa0408a61fe6d86fe48f31515c9b840",
      "tree": "a08ff80a819432fa32e384e1960249a59cdb4f33",
      "parents": [
        "07c49417877f8658a6aa0ad9b4e21e4fd4df11b6"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Jan 03 14:23:07 2012 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jan 17 16:16:58 2012 -0500"
      },
      "message": "audit: drop audit_set_macxattr as it doesn\u0027t do anything\n\nunused.  deleted.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "07c49417877f8658a6aa0ad9b4e21e4fd4df11b6",
      "tree": "59a64b96c9f35b8559db4c46b5a43d2d9510c190",
      "parents": [
        "56179a6ec65a56e0279a58e35cb450d38f061b94"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Jan 03 14:23:07 2012 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jan 17 16:16:57 2012 -0500"
      },
      "message": "audit: inline checks for not needing to collect aux records\n\nA number of audit hooks make function calls before they determine that\nauxilary records do not need to be collected.  Do those checks as static\ninlines since the most common case is going to be that records are not\nneeded and we can skip the function call overhead.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "b05d8447e7821695bc2fa3359431f7a664232743",
      "tree": "da90e558279c6407aa2e08d36bea5d9a21cd959c",
      "parents": [
        "f031cd25568a390dc2c9c3a4015054183753449a"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Jan 03 14:23:06 2012 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jan 17 16:16:56 2012 -0500"
      },
      "message": "audit: inline audit_syscall_entry to reduce burden on archs\n\nEvery arch calls:\n\nif (unlikely(current-\u003eaudit_context))\n\taudit_syscall_entry()\n\nwhich requires knowledge about audit (the existance of audit_context) in\nthe arch code.  Just do it all in static inline in audit.h so that arch\u0027s\ncan remain blissfully ignorant.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "d7e7528bcd456f5c36ad4a202ccfb43c5aa98bc4",
      "tree": "ef49503b1dc52c52102e728dbd979c9309d5756b",
      "parents": [
        "85e7bac33b8d5edafc4e219c7dfdb3d48e0b4e31"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Jan 03 14:23:06 2012 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jan 17 16:16:56 2012 -0500"
      },
      "message": "Audit: push audit success and retcode into arch ptrace.h\n\nThe audit system previously expected arches calling to audit_syscall_exit to\nsupply as arguments if the syscall was a success and what the return code was.\nAudit also provides a helper AUDITSC_RESULT which was supposed to simplify things\nby converting from negative retcodes to an audit internal magic value stating\nsuccess or failure.  This helper was wrong and could indicate that a valid\npointer returned to userspace was a failed syscall.  The fix is to fix the\nlayering foolishness.  We now pass audit_syscall_exit a struct pt_reg and it\nin turns calls back into arch code to collect the return value and to\ndetermine if the syscall was a success or failure.  We also define a generic\nis_syscall_success() macro which determines success/failure based on if the\nvalue is \u003c -MAX_ERRNO.  This works for arches like x86 which do not use a\nseparate mechanism to indicate syscall failure.\n\nWe make both the is_syscall_success() and regs_return_value() static inlines\ninstead of macros.  The reason is because the audit function must take a void*\nfor the regs.  (uml calls theirs struct uml_pt_regs instead of just struct\npt_regs so audit_syscall_exit can\u0027t take a struct pt_regs).  Since the audit\nfunction takes a void* we need to use static inlines to cast it back to the\narch correct structure to dereference it.\n\nThe other major change is that on some arches, like ia64, MIPS and ppc, we\nchange regs_return_value() to give us the negative value on syscall failure.\nTHE only other user of this macro, kretprobe_example.c, won\u0027t notice and it\nmakes the value signed consistently for the audit functions across all archs.\n\nIn arch/sh/kernel/ptrace_64.c I see that we were using regs[9] in the old\naudit code as the return value.  But the ptrace_64.h code defined the macro\nregs_return_value() as regs[3].  
I have no idea which one is correct, but this\npatch now uses the regs_return_value() function, so it now uses regs[3].\n\nFor powerpc we previously used regs-\u003eresult but now use the\nregs_return_value() function which uses regs-\u003egprs[3].  regs-\u003egprs[3] is\nalways positive so the regs_return_value(), much like ia64 makes it negative\nbefore calling the audit code when appropriate.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: H. Peter Anvin \u003chpa@zytor.com\u003e [for x86 portion]\nAcked-by: Tony Luck \u003ctony.luck@intel.com\u003e [for ia64]\nAcked-by: Richard Weinberger \u003crichard@nod.at\u003e [for uml]\nAcked-by: David S. Miller \u003cdavem@davemloft.net\u003e [for sparc]\nAcked-by: Ralf Baechle \u003cralf@linux-mips.org\u003e [for mips]\nAcked-by: Benjamin Herrenschmidt \u003cbenh@kernel.crashing.org\u003e [for ppc]\n"
    },
    {
      "commit": "85e7bac33b8d5edafc4e219c7dfdb3d48e0b4e31",
      "tree": "6a1f178de829d2219a65a8563e12f2c8029d4b13",
      "parents": [
        "16c174bd95cb07c9d0ad3fcd8c70f9cea7214c9d"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Jan 03 14:23:05 2012 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jan 17 16:16:55 2012 -0500"
      },
      "message": "seccomp: audit abnormal end to a process due to seccomp\n\nThe audit system likes to collect information about processes that end\nabnormally (SIGSEGV) as this may me useful intrusion detection information.\nThis patch adds audit support to collect information when seccomp forces a\ntask to exit because of misbehavior in a similar way.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "2570ebbd1f1ce1ef31f568b0660354fc59424be2",
      "tree": "79031afa99b298b8520dc85bffbb42ed7ebb6f59",
      "parents": [
        "0583fcc96bb117763c0fa74c123573c0112dec65"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Jul 27 14:03:22 2011 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jan 03 22:55:17 2012 -0500"
      },
      "message": "switch kern_ipc_perm to umode_t\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "df0a42837b86567a130c44515ab620d23e7f182b",
      "tree": "1ea38c71503fddfbeb353b05a6bd85d383b161fd",
      "parents": [
        "5706b27deae29ceee26d0c20112f087a9b841575"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jul 26 05:26:10 2011 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jan 03 22:55:16 2012 -0500"
      },
      "message": "switch mq_open() to umode_t\n"
    },
    {
      "commit": "b9075fa968a0a4347aef35e235e2995c0e57dddd",
      "tree": "cf9f9716784e790d8a43339653256d9cf9178ff3",
      "parents": [
        "ae29bc92da01a2e9d278a9a58c3b307d41cc0254"
      ],
      "author": {
        "name": "Joe Perches",
        "email": "joe@perches.com",
        "time": "Mon Oct 31 17:11:33 2011 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Oct 31 17:30:54 2011 -0700"
      },
      "message": "treewide: use __printf not __attribute__((format(printf,...)))\n\nStandardize the style for compiler based printf format verification.\nStandardized the location of __printf too.\n\nDone via script and a little typing.\n\n$ grep -rPl --include\u003d*.[ch] -w \"__attribute__\" * | \\\n  grep -vP \"^(tools|scripts|include/linux/compiler-gcc.h)\" | \\\n  xargs perl -n -i -e \u0027local $/; while (\u003c\u003e) { s/\\b__attribute__\\s*\\(\\s*\\(\\s*format\\s*\\(\\s*printf\\s*,\\s*(.+)\\s*,\\s*(.+)\\s*\\)\\s*\\)\\s*\\)/__printf($1, $2)/g ; print; }\u0027\n\n[akpm@linux-foundation.org: revert arch bits]\nSigned-off-by: Joe Perches \u003cjoe@perches.com\u003e\nCc: \"Kirill A. Shutemov\" \u003ckirill@shutemov.name\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "131ad62d8fc06d9d0a5c61d9526876352c2f2bbd",
      "tree": "517d1172c9510bc3645d0dbc98938676696abe7c",
      "parents": [
        "15b4d93f0316caec44e07255c1d73bde4fac12e4"
      ],
      "author": {
        "name": "Mr Dash Four",
        "email": "mr.dash.four@googlemail.com",
        "time": "Thu Jun 30 13:31:57 2011 +0200"
      },
      "committer": {
        "name": "Patrick McHardy",
        "email": "kaber@trash.net",
        "time": "Thu Jun 30 13:31:57 2011 +0200"
      },
      "message": "netfilter: add SELinux context support to AUDIT target\n\nIn this revision the conversion of secid to SELinux context and adding it\nto the audit log is moved from xt_AUDIT.c to audit.c with the aid of a\nseparate helper function - audit_log_secctx - which does both the conversion\nand logging of SELinux context, thus also preventing internal secid number\nbeing leaked to userspace. If conversion is not successful an error is raised.\n\nWith the introduction of this helper function the work done in xt_AUDIT.c is\nmuch more simplified. It also opens the possibility of this helper function\nbeing used by other modules (including auditd itself), if desired. With this\naddition, typical (raw auditd) output after applying the patch would be:\n\ntype\u003dNETFILTER_PKT msg\u003daudit(1305852240.082:31012): action\u003d0 hook\u003d1 len\u003d52 inif\u003d? outif\u003deth0 saddr\u003d10.1.1.7 daddr\u003d10.1.2.1 ipid\u003d16312 proto\u003d6 sport\u003d56150 dport\u003d22 obj\u003dsystem_u:object_r:ssh_client_packet_t:s0\ntype\u003dNETFILTER_PKT msg\u003daudit(1306772064.079:56): action\u003d0 hook\u003d3 len\u003d48 inif\u003deth0 outif\u003d? smac\u003d00:05:5d:7c:27:0b dmac\u003d00:02:b3:0a:7f:81 macproto\u003d0x0800 saddr\u003d10.1.2.1 daddr\u003d10.1.1.7 ipid\u003d462 proto\u003d6 sport\u003d22 dport\u003d3561 obj\u003dsystem_u:object_r:ssh_server_packet_t:s0\n\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Mr Dash Four \u003cmr.dash.four@googlemail.com\u003e\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\n"
    },
    {
      "commit": "14f0290ba44de6ed435fea24bba26e7868421c66",
      "tree": "449d32e4848007e3edbcab14fa8e09fdc66608ed",
      "parents": [
        "f5c88f56b35599ab9ff2d3398e0153e4cd4a4c82",
        "a5db219f4cf9f67995eabd53b81a1232c82f5852"
      ],
      "author": {
        "name": "Patrick McHardy",
        "email": "kaber@trash.net",
        "time": "Wed Jan 19 23:51:37 2011 +0100"
      },
      "committer": {
        "name": "Patrick McHardy",
        "email": "kaber@trash.net",
        "time": "Wed Jan 19 23:51:37 2011 +0100"
      },
      "message": "Merge branch \u0027master\u0027 of /repos/git/net-next-2.6\n"
    },
    {
      "commit": "fbabf31e4d482149b5e2704eb0287cf9117bdcf3",
      "tree": "b12a1123474ab9aa566fc1a6e57e050653588ba0",
      "parents": [
        "43f393caec0362abe03c72799d3f342af3973070"
      ],
      "author": {
        "name": "Thomas Graf",
        "email": "tgraf@infradead.org",
        "time": "Sun Jan 16 18:12:59 2011 +0100"
      },
      "committer": {
        "name": "Patrick McHardy",
        "email": "kaber@trash.net",
        "time": "Sun Jan 16 18:12:59 2011 +0100"
      },
      "message": "netfilter: create audit records for x_tables replaces\n\nThe setsockopt() syscall to replace tables is already recorded\nin the audit logs. This patch stores additional information\nsuch as table name and netfilter protocol.\n\nCc: Patrick McHardy \u003ckaber@trash.net\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nCc: Al Viro \u003cviro@ZenIV.linux.org.uk\u003e\nSigned-off-by: Thomas Graf \u003ctgraf@redhat.com\u003e\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\n"
    },
    {
      "commit": "43f393caec0362abe03c72799d3f342af3973070",
      "tree": "7ff979877f3d8e725709d7455ef4f977df605d78",
      "parents": [
        "d862a6622e9db508d4b28cc7c5bc28bd548cc24e"
      ],
      "author": {
        "name": "Thomas Graf",
        "email": "tgraf@infradead.org",
        "time": "Sun Jan 16 18:10:28 2011 +0100"
      },
      "committer": {
        "name": "Patrick McHardy",
        "email": "kaber@trash.net",
        "time": "Sun Jan 16 18:10:28 2011 +0100"
      },
      "message": "netfilter: audit target to record accepted/dropped packets\n\nThis patch adds a new netfilter target which creates audit records\nfor packets traversing a certain chain.\n\nIt can be used to record packets which are rejected administraively\nas follows:\n\n  -N AUDIT_DROP\n  -A AUDIT_DROP -j AUDIT --type DROP\n  -A AUDIT_DROP -j DROP\n\na rule which would typically drop or reject a packet would then\ninvoke the new chain to record packets before dropping them.\n\n  -j AUDIT_DROP\n\nThe module is protocol independant and works for iptables, ip6tables\nand ebtables.\n\nThe following information is logged:\n - netfilter hook\n - packet length\n - incomming/outgoing interface\n - MAC src/dst/proto for ethernet packets\n - src/dst/protocol address for IPv4/IPv6\n - src/dst port for TCP/UDP/UDPLITE\n - icmp type/code\n\nCc: Patrick McHardy \u003ckaber@trash.net\u003e\nCc: Eric Paris \u003ceparis@parisplace.org\u003e\nCc: Al Viro \u003cviro@ZenIV.linux.org.uk\u003e\nSigned-off-by: Thomas Graf \u003ctgraf@redhat.com\u003e\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\n"
    },
    {
      "commit": "37721e1b0cf98cb65895f234d8c500d270546529",
      "tree": "6fb3ec6910513b18e100b17432864fa8c46d55e4",
      "parents": [
        "9f99a2f0e44663517b99b69a3e4a499d0ba877df"
      ],
      "author": {
        "name": "Alexey Dobriyan",
        "email": "adobriyan@gmail.com",
        "time": "Mon Jan 10 08:17:10 2011 +0200"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Jan 10 08:51:44 2011 -0800"
      },
      "message": "headers: path.h redux\n\nRemove path.h from sched.h and other files.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "120a795da07c9a02221ca23464c28a7c6ad7de1d",
      "tree": "14e0f5ab35e9397f4a1b2f5e24b8394a601aa409",
      "parents": [
        "af2951325bd6c26cb2c91943c7b11aed53504056"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sat Oct 30 02:54:44 2010 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sat Oct 30 08:45:43 2010 -0400"
      },
      "message": "audit mmap\n\nNormal syscall audit doesn\u0027t catch 5th argument of syscall.  It also\ndoesn\u0027t catch the contents of userland structures pointed to be\nsyscall argument, so for both old and new mmap(2) ABI it doesn\u0027t\nrecord the descriptor we are mapping.  For old one it also misses\nflags.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "1676effca4cd2a6b32e6e8e0ecaa91522dfda6fa",
      "tree": "7d570c366f6d968a74c39406052d6dd0223e4881",
      "parents": [
        "2c8919dee659928d66cc13333d4e7a5bdd2206d5"
      ],
      "author": {
        "name": "Andi Kleen",
        "email": "andi@firstfloor.org",
        "time": "Mon Jun 21 11:02:48 2010 +0200"
      },
      "committer": {
        "name": "Jens Axboe",
        "email": "jaxboe@fusionio.com",
        "time": "Sat Aug 07 18:23:12 2010 +0200"
      },
      "message": "gcc-4.6: fs: fix unused but set warnings\n\nNo real bugs I believe, just some dead code, and some\nshut up code.\n\nSigned-off-by: Andi Kleen \u003cak@linux.intel.com\u003e\nCc: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Jens Axboe \u003cjaxboe@fusionio.com\u003e\n"
    },
    {
      "commit": "cccc6bba3f771ef29b33e4f79e70ebc3dba245b0",
      "tree": "0abfed21a68d0ae54217a6f4308046fd30a70186",
      "parents": [
        "123df2944c436c80640c4281c5bc9c7950b18687"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Dec 25 05:07:33 2009 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Feb 08 14:38:36 2010 -0500"
      },
      "message": "Lose the first argument of audit_inode_child()\n\nit\u0027s always equal to -\u003ed_name.name of the second argument\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "9d9609851003ebed15957f0f2ce18492739ee124",
      "tree": "2c116865d2f239b5596b22a3a79eecc82f5e1299",
      "parents": [
        "35fe4d0b1b12286a81938e9c5fdfaf639ac0ce5b"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Thu Jun 11 14:31:37 2009 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Jun 24 00:00:52 2009 -0400"
      },
      "message": "Audit: clean up all op\u003d output to include string quoting\n\nA number of places in the audit system we send an op\u003d followed by a string\nthat includes spaces.  Somehow this works but it\u0027s just wrong.  This patch\nmoves all of those that I could find to be quoted.\n\nExample:\n\nChange From: type\u003dCONFIG_CHANGE msg\u003daudit(1244666690.117:31): auid\u003d0 ses\u003d1\nsubj\u003dunconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op\u003dremove rule\nkey\u003d\"number2\" list\u003d4 res\u003d0\n\nChange To: type\u003dCONFIG_CHANGE msg\u003daudit(1244666690.117:31): auid\u003d0 ses\u003d1\nsubj\u003dunconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op\u003d\"remove rule\"\nkey\u003d\"number2\" list\u003d4 res\u003d0\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "523979adfa0b79d4e3aa053220c37a9233294206",
      "tree": "15ff42f935f9d443220edb118f3980432f924360",
      "parents": [
        "ed850a52af971528b048812c4215cef298af0d3b"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Feb 11 11:12:28 2009 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Feb 12 09:40:14 2009 +1100"
      },
      "message": "integrity: audit update\n\nBased on discussions on linux-audit, as per Steve Grubb\u0027s request\nhttp://lkml.org/lkml/2009/2/6/269, the following changes were made:\n- forced audit result to be either 0 or 1.\n- made template names const\n- Added new stand-alone message type: AUDIT_INTEGRITY_RULE\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nAcked-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "cb5629b10d64a8006622ce3a52bc887d91057d69",
      "tree": "7c06d8f30783115e3384721046258ce615b129c5",
      "parents": [
        "8920d5ad6ba74ae8ab020e90cc4d976980e68701",
        "f01d1d546abb2f4028b5299092f529eefb01253a"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Feb 06 11:01:45 2009 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Feb 06 11:01:45 2009 +1100"
      },
      "message": "Merge branch \u0027master\u0027 into next\n\nConflicts:\n\tfs/namei.c\n\nManually merged per:\n\ndiff --cc fs/namei.c\nindex 734f2b5,bbc15c2..0000000\n--- a/fs/namei.c\n+++ b/fs/namei.c\n@@@ -860,9 -848,8 +849,10 @@@ static int __link_path_walk(const char\n  \t\tnd-\u003eflags |\u003d LOOKUP_CONTINUE;\n  \t\terr \u003d exec_permission_lite(inode);\n  \t\tif (err \u003d\u003d -EAGAIN)\n- \t\t\terr \u003d vfs_permission(nd, MAY_EXEC);\n+ \t\t\terr \u003d inode_permission(nd-\u003epath.dentry-\u003ed_inode,\n+ \t\t\t\t\t       MAY_EXEC);\n +\t\tif (!err)\n +\t\t\terr \u003d ima_path_check(\u0026nd-\u003epath, MAY_EXEC);\n   \t\tif (err)\n  \t\t\tbreak;\n\n@@@ -1525,14 -1506,9 +1509,14 @@@ int may_open(struct path *path, int acc\n  \t\tflag \u0026\u003d ~O_TRUNC;\n  \t}\n\n- \terror \u003d vfs_permission(nd, acc_mode);\n+ \terror \u003d inode_permission(inode, acc_mode);\n  \tif (error)\n  \t\treturn error;\n +\n- \terror \u003d ima_path_check(\u0026nd-\u003epath,\n++\terror \u003d ima_path_check(path,\n +\t\t\t       acc_mode \u0026 (MAY_READ | MAY_WRITE | MAY_EXEC));\n +\tif (error)\n +\t\treturn error;\n  \t/*\n  \t * An append-only file must be opened in append mode for writing.\n  \t */\n\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "3323eec921efd815178a23107ab63588c605c0b2",
      "tree": "bc9e9714ac4881ebc515c1bd155674c52c356d6a",
      "parents": [
        "6146f0d5e47ca4047ffded0fb79b6c25359b386c"
      ],
      "author": {
        "name": "Mimi Zohar",
        "email": "zohar@linux.vnet.ibm.com",
        "time": "Wed Feb 04 09:06:58 2009 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Feb 06 09:05:30 2009 +1100"
      },
      "message": "integrity: IMA as an integrity service provider\n\nIMA provides hardware (TPM) based measurement and attestation for\nfile measurements. As the Trusted Computing (TPM) model requires,\nIMA measures all files before they are accessed in any way (on the\nintegrity_bprm_check, integrity_path_check and integrity_file_mmap\nhooks), and commits the measurements to the TPM. Once added to the\nTPM, measurements can not be removed.\n\nIn addition, IMA maintains a list of these file measurements, which\ncan be used to validate the aggregate value stored in the TPM.  The\nTPM can sign these measurements, and thus the system can prove, to\nitself and to a third party, the system\u0027s integrity in a way that\ncannot be circumvented by malicious or compromised software.\n\n- alloc ima_template_entry before calling ima_store_template()\n- log ima_add_boot_aggregate() failure\n- removed unused IMA_TEMPLATE_NAME_LEN\n- replaced hard coded string length with #define name\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5af75d8d58d0f9f7b7c0515b35786b22892d5f12",
      "tree": "65707c5309133a33140c39145ae91b7c1679a877",
      "parents": [
        "36c4f1b18c8a7d0adb4085e7f531860b837bb6b0"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Dec 16 05:59:26 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jan 04 15:14:42 2009 -0500"
      },
      "message": "audit: validate comparison operations, store them in sane form\n\nDon\u0027t store the field-\u003eop in the messy (and very inconvenient for e.g.\naudit_comparator()) form; translate to dense set of values and do full\nvalidation of userland-submitted value while we are at it.\n\n-\u003eaudit_init_rule() and -\u003eaudit_match_rule() get new values now; in-tree\ninstances updated.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "e45aa212ea81d39b38ba158df344dc3a500153e5",
      "tree": "c4d55cda9e8f976d15b6b01a775a3437f932db27",
      "parents": [
        "0590b9335a1c72a3f0defcc6231287f7817e07c8"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Dec 15 01:17:50 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jan 04 15:14:42 2009 -0500"
      },
      "message": "audit rules ordering, part 2\n\nFix the actual rule listing; add per-type lists _not_ used for matching,\nwith all exit,... sitting on one such list.  Simplifies \"do something\nfor all rules\" logics, while we are at it...\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "0590b9335a1c72a3f0defcc6231287f7817e07c8",
      "tree": "289fa4668ae304f79f7484ac31b2cab0ab8894c1",
      "parents": [
        "1a9d0797b8977d413435277bf9661efbbd584693"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Dec 14 23:45:27 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jan 04 15:14:41 2009 -0500"
      },
      "message": "fixing audit rule ordering mess, part 1\n\nProblem: ordering between the rules on exit chain is currently lost;\nall watch and inode rules are listed after everything else _and_\nexit,never on one kind doesn\u0027t stop exit,always on another from\nbeing matched.\n\nSolution: assign priorities to rules, keep track of the current\nhighest-priority matching rule and its result (always/never).\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "57f71a0af4244d9ba3c0bce74b1d2e66e8d520bd",
      "tree": "c089a97949fc1d459e137b18739c04e9217913d1",
      "parents": [
        "157cf649a735a2f7e8dba0ed08e6e38b6c30d886"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jan 04 14:52:57 2009 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jan 04 15:14:41 2009 -0500"
      },
      "message": "sanitize audit_log_capset()\n\n* no allocations\n* return void\n* don\u0027t duplicate checked for dummy context\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "157cf649a735a2f7e8dba0ed08e6e38b6c30d886",
      "tree": "85895367c24023d363d5ee7b5ed2fb16eaf08721",
      "parents": [
        "564f6993ffef656aebaf46cf2f1f6cb4f5c97207"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Dec 14 04:57:47 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jan 04 15:14:41 2009 -0500"
      },
      "message": "sanitize audit_fd_pair()\n\n* no allocations\n* return void\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "564f6993ffef656aebaf46cf2f1f6cb4f5c97207",
      "tree": "0bf1ee553ab1241338fe522ffbaed8cd48e10c99",
      "parents": [
        "c32c8af43b9adde8d6f938d8e6328c13b8de79ac"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Dec 14 04:02:26 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jan 04 15:14:41 2009 -0500"
      },
      "message": "sanitize audit_mq_open()\n\n* don\u0027t bother with allocations\n* don\u0027t do double copy_from_user()\n* don\u0027t duplicate parts of check for audit_dummy_context()\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "c32c8af43b9adde8d6f938d8e6328c13b8de79ac",
      "tree": "6377079bba7530d2aa8a688ebf9ba3e09ae085a7",
      "parents": [
        "20114f71b27cafeb7c7e41d2b0f0b68c3fbb022b"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Dec 14 03:46:48 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jan 04 15:14:40 2009 -0500"
      },
      "message": "sanitize AUDIT_MQ_SENDRECV\n\n* logging the original value of *msg_prio in mq_timedreceive(2)\n  is insane - the argument is write-only (i.e. syscall always\n  ignores the original value and only overwrites it).\n* merge __audit_mq_timed{send,receive}\n* don\u0027t do copy_from_user() twice\n* don\u0027t mess with allocations in auditsc part\n* ... and don\u0027t bother checking !audit_enabled and !context in there -\n  we\u0027d already checked for audit_dummy_context().\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "20114f71b27cafeb7c7e41d2b0f0b68c3fbb022b",
      "tree": "fcbb481cfec8c11f103ba07dbb08819de3822d80",
      "parents": [
        "7392906ea915b9a2c14dea32b3604b4e178f82f7"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Dec 10 07:16:12 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jan 04 15:14:40 2009 -0500"
      },
      "message": "sanitize audit_mq_notify()\n\n* don\u0027t copy_from_user() twice\n* don\u0027t bother with allocations\n* don\u0027t duplicate parts of audit_dummy_context()\n* make it return void\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "7392906ea915b9a2c14dea32b3604b4e178f82f7",
      "tree": "1e4fbe56e3738fade213ef805ec274ea74ac6a1b",
      "parents": [
        "e816f370cbadd2afea9f1a42f232d0636137d563"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Dec 10 06:58:59 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jan 04 15:14:40 2009 -0500"
      },
      "message": "sanitize audit_mq_getsetattr()\n\n* get rid of allocations\n* make it return void\n* don\u0027t duplicate parts of audit_dummy_context()\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "e816f370cbadd2afea9f1a42f232d0636137d563",
      "tree": "8a9fe488ced59cd9864fcbf15292641c3b95143c",
      "parents": [
        "a33e6751003c5ade603737d828b1519d980ce392"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Dec 10 03:47:15 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jan 04 15:14:40 2009 -0500"
      },
      "message": "sanitize audit_ipc_set_perm()\n\n* get rid of allocations\n* make it return void\n* simplify callers\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "a33e6751003c5ade603737d828b1519d980ce392",
      "tree": "aa484d033e886945aed78172dbdd4d2fd928bacf",
      "parents": [
        "f3298dc4f2277874d40cb4fc3a6e277317d6603b"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Dec 10 03:40:06 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jan 04 15:14:39 2009 -0500"
      },
      "message": "sanitize audit_ipc_obj()\n\n* get rid of allocations\n* make it return void\n* simplify callers\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "f3298dc4f2277874d40cb4fc3a6e277317d6603b",
      "tree": "8ba8f7e7a0597965b2f6c7106718a59cc164eab1",
      "parents": [
        "4f6b434fee2402b3decdeae9d16eb648725ae426"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Dec 10 03:16:51 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jan 04 15:14:39 2009 -0500"
      },
      "message": "sanitize audit_socketcall\n\n* don\u0027t bother with allocations\n* now that it can\u0027t fail, make it return void\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "cbacc2c7f066a1e01b33b0e27ae5efbf534bc2db",
      "tree": "90d1093131d2a3543a8b3b1f3364e7c6f4081a93",
      "parents": [
        "4a6908a3a050aacc9c3a2f36b276b46c0629ad91",
        "74192246910ff4fb95309ba1a683215644beeb62"
      ],
      "author": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Dec 25 11:40:09 2008 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Thu Dec 25 11:40:09 2008 +1100"
      },
      "message": "Merge branch \u0027next\u0027 into for-linus\n"
    },
    {
      "commit": "48887e63d6e057543067327da6b091297f7fe645",
      "tree": "f290af5a887bcf840a63043eb2df3a4c02ccaea3",
      "parents": [
        "7f0ed77d241b60f70136f15b8eef30a3de1fa249"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sat Dec 06 01:05:50 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Dec 09 02:27:41 2008 -0500"
      },
      "message": "[PATCH] fix broken timestamps in AVC generated by kernel threads\n\nTimestamp in audit_context is valid only if -\u003ein_syscall is set.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "a64e64944f4b8ce3288519555dbaa0232414b8ac",
      "tree": "6b37f5444c49379580b6b4fead84a75ca474d0ab",
      "parents": [
        "a3f07114e3359fb98683069ae397220e8992a24a"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Nov 12 18:37:41 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Dec 09 02:27:38 2008 -0500"
      },
      "message": "[PATCH] return records for fork() both to child and parent\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "a6f76f23d297f70e2a6b3ec607f7aeeea9e37e8d",
      "tree": "8f95617996d0974507f176163459212a7def8b9a",
      "parents": [
        "d84f4f992cbd76e8f39c488cf0c5d123843923b1"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri Nov 14 10:39:24 2008 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Nov 14 10:39:24 2008 +1100"
      },
      "message": "CRED: Make execve() take advantage of copy-on-write credentials\n\nMake execve() take advantage of copy-on-write credentials, allowing it to set\nup the credentials in advance, and then commit the whole lot after the point\nof no return.\n\nThis patch and the preceding patches have been tested with the LTP SELinux\ntestsuite.\n\nThis patch makes several logical sets of alteration:\n\n (1) execve().\n\n     The credential bits from struct linux_binprm are, for the most part,\n     replaced with a single credentials pointer (bprm-\u003ecred).  This means that\n     all the creds can be calculated in advance and then applied at the point\n     of no return with no possibility of failure.\n\n     I would like to replace bprm-\u003ecap_effective with:\n\n\tcap_isclear(bprm-\u003ecap_effective)\n\n     but this seems impossible due to special behaviour for processes of pid 1\n     (they always retain their parent\u0027s capability masks where normally they\u0027d\n     be changed - see cap_bprm_set_creds()).\n\n     The following sequence of events now happens:\n\n     (a) At the start of do_execve, the current task\u0027s cred_exec_mutex is\n     \t locked to prevent PTRACE_ATTACH from obsoleting the calculation of\n     \t creds that we make.\n\n     (a) prepare_exec_creds() is then called to make a copy of the current\n     \t task\u0027s credentials and prepare it.  This copy is then assigned to\n     \t bprm-\u003ecred.\n\n  \t This renders security_bprm_alloc() and security_bprm_free()\n     \t unnecessary, and so they\u0027ve been removed.\n\n     (b) The determination of unsafe execution is now performed immediately\n     \t after (a) rather than later on in the code.  The result is stored in\n     \t bprm-\u003eunsafe for future reference.\n\n     (c) prepare_binprm() is called, possibly multiple times.\n\n     \t (i) This applies the result of set[ug]id binaries to the new creds\n     \t     attached to bprm-\u003ecred.  
Personality bit clearance is recorded,\n     \t     but now deferred on the basis that the exec procedure may yet\n     \t     fail.\n\n         (ii) This then calls the new security_bprm_set_creds().  This should\n\t     calculate the new LSM and capability credentials into *bprm-\u003ecred.\n\n\t     This folds together security_bprm_set() and parts of\n\t     security_bprm_apply_creds() (these two have been removed).\n\t     Anything that might fail must be done at this point.\n\n         (iii) bprm-\u003ecred_prepared is set to 1.\n\n\t     bprm-\u003ecred_prepared is 0 on the first pass of the security\n\t     calculations, and 1 on all subsequent passes.  This allows SELinux\n\t     in (ii) to base its calculations only on the initial script and\n\t     not on the interpreter.\n\n     (d) flush_old_exec() is called to commit the task to execution.  This\n     \t performs the following steps with regard to credentials:\n\n\t (i) Clear pdeath_signal and set dumpable on certain circumstances that\n\t     may not be covered by commit_creds().\n\n         (ii) Clear any bits in current-\u003epersonality that were deferred from\n             (c.i).\n\n     (e) install_exec_creds() [compute_creds() as was] is called to install the\n     \t new credentials.  This performs the following steps with regard to\n     \t credentials:\n\n         (i) Calls security_bprm_committing_creds() to apply any security\n             requirements, such as flushing unauthorised files in SELinux, that\n             must be done before the credentials are changed.\n\n\t     This is made up of bits of security_bprm_apply_creds() and\n\t     security_bprm_post_apply_creds(), both of which have been removed.\n\t     This function is not allowed to fail; anything that might fail\n\t     must have been done in (c.ii).\n\n         (ii) Calls commit_creds() to apply the new credentials in a single\n             assignment (more or less).  
Possibly pdeath_signal and dumpable\n             should be part of struct creds.\n\n\t (iii) Unlocks the task\u0027s cred_replace_mutex, thus allowing\n\t     PTRACE_ATTACH to take place.\n\n         (iv) Clears The bprm-\u003ecred pointer as the credentials it was holding\n             are now immutable.\n\n         (v) Calls security_bprm_committed_creds() to apply any security\n             alterations that must be done after the creds have been changed.\n             SELinux uses this to flush signals and signal handlers.\n\n     (f) If an error occurs before (d.i), bprm_free() will call abort_creds()\n     \t to destroy the proposed new credentials and will then unlock\n     \t cred_replace_mutex.  No changes to the credentials will have been\n     \t made.\n\n (2) LSM interface.\n\n     A number of functions have been changed, added or removed:\n\n     (*) security_bprm_alloc(), -\u003ebprm_alloc_security()\n     (*) security_bprm_free(), -\u003ebprm_free_security()\n\n     \t Removed in favour of preparing new credentials and modifying those.\n\n     (*) security_bprm_apply_creds(), -\u003ebprm_apply_creds()\n     (*) security_bprm_post_apply_creds(), -\u003ebprm_post_apply_creds()\n\n     \t Removed; split between security_bprm_set_creds(),\n     \t security_bprm_committing_creds() and security_bprm_committed_creds().\n\n     (*) security_bprm_set(), -\u003ebprm_set_security()\n\n     \t Removed; folded into security_bprm_set_creds().\n\n     (*) security_bprm_set_creds(), -\u003ebprm_set_creds()\n\n     \t New.  The new credentials in bprm-\u003ecreds should be checked and set up\n     \t as appropriate.  bprm-\u003ecred_prepared is 0 on the first call, 1 on the\n     \t second and subsequent calls.\n\n     (*) security_bprm_committing_creds(), -\u003ebprm_committing_creds()\n     (*) security_bprm_committed_creds(), -\u003ebprm_committed_creds()\n\n     \t New.  Apply the security effects of the new credentials.  
This\n     \t includes closing unauthorised files in SELinux.  This function may not\n     \t fail.  When the former is called, the creds haven\u0027t yet been applied\n     \t to the process; when the latter is called, they have.\n\n \t The former may access bprm-\u003ecred, the latter may not.\n\n (3) SELinux.\n\n     SELinux has a number of changes, in addition to those to support the LSM\n     interface changes mentioned above:\n\n     (a) The bprm_security_struct struct has been removed in favour of using\n     \t the credentials-under-construction approach.\n\n     (c) flush_unauthorized_files() now takes a cred pointer and passes it on\n     \t to inode_has_perm(), file_has_perm() and dentry_open().\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "d84f4f992cbd76e8f39c488cf0c5d123843923b1",
      "tree": "fc4a0349c42995715b93d0f7a3c78e9ea9b3f36e",
      "parents": [
        "745ca2475a6ac596e3d8d37c2759c0fbe2586227"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Fri Nov 14 10:39:23 2008 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Fri Nov 14 10:39:23 2008 +1100"
      },
      "message": "CRED: Inaugurate COW credentials\n\nInaugurate copy-on-write credentials management.  This uses RCU to manage the\ncredentials pointer in the task_struct with respect to accesses by other tasks.\nA process may only modify its own credentials, and so does not need locking to\naccess or modify its own credentials.\n\nA mutex (cred_replace_mutex) is added to the task_struct to control the effect\nof PTRACE_ATTACHED on credential calculations, particularly with respect to\nexecve().\n\nWith this patch, the contents of an active credentials struct may not be\nchanged directly; rather a new set of credentials must be prepared, modified\nand committed using something like the following sequence of events:\n\n\tstruct cred *new \u003d prepare_creds();\n\tint ret \u003d blah(new);\n\tif (ret \u003c 0) {\n\t\tabort_creds(new);\n\t\treturn ret;\n\t}\n\treturn commit_creds(new);\n\nThere are some exceptions to this rule: the keyrings pointed to by the active\ncredentials may be instantiated - keyrings violate the COW rule as managing\nCOW keyrings is tricky, given that it is possible for a task to directly alter\nthe keys in a keyring in use by another task.\n\nTo help enforce this, various pointers to sets of credentials, such as those in\nthe task_struct, are declared const.  The purpose of this is compile-time\ndiscouragement of altering credentials through those pointers.  
Once a set of\ncredentials has been made public through one of these pointers, it may not be\nmodified, except under special circumstances:\n\n  (1) Its reference count may incremented and decremented.\n\n  (2) The keyrings to which it points may be modified, but not replaced.\n\nThe only safe way to modify anything else is to create a replacement and commit\nusing the functions described in Documentation/credentials.txt (which will be\nadded by a later patch).\n\nThis patch and the preceding patches have been tested with the LTP SELinux\ntestsuite.\n\nThis patch makes several logical sets of alteration:\n\n (1) execve().\n\n     This now prepares and commits credentials in various places in the\n     security code rather than altering the current creds directly.\n\n (2) Temporary credential overrides.\n\n     do_coredump() and sys_faccessat() now prepare their own credentials and\n     temporarily override the ones currently on the acting thread, whilst\n     preventing interference from other threads by holding cred_replace_mutex\n     on the thread being dumped.\n\n     This will be replaced in a future patch by something that hands down the\n     credentials directly to the functions being called, rather than altering\n     the task\u0027s objective credentials.\n\n (3) LSM interface.\n\n     A number of functions have been changed, added or removed:\n\n     (*) security_capset_check(), -\u003ecapset_check()\n     (*) security_capset_set(), -\u003ecapset_set()\n\n     \t Removed in favour of security_capset().\n\n     (*) security_capset(), -\u003ecapset()\n\n     \t New.  This is passed a pointer to the new creds, a pointer to the old\n     \t creds and the proposed capability sets.  It should fill in the new\n     \t creds or return an error.  
All pointers, barring the pointer to the\n     \t new creds, are now const.\n\n     (*) security_bprm_apply_creds(), -\u003ebprm_apply_creds()\n\n     \t Changed; now returns a value, which will cause the process to be\n     \t killed if it\u0027s an error.\n\n     (*) security_task_alloc(), -\u003etask_alloc_security()\n\n     \t Removed in favour of security_prepare_creds().\n\n     (*) security_cred_free(), -\u003ecred_free()\n\n     \t New.  Free security data attached to cred-\u003esecurity.\n\n     (*) security_prepare_creds(), -\u003ecred_prepare()\n\n     \t New. Duplicate any security data attached to cred-\u003esecurity.\n\n     (*) security_commit_creds(), -\u003ecred_commit()\n\n     \t New. Apply any security effects for the upcoming installation of new\n     \t security by commit_creds().\n\n     (*) security_task_post_setuid(), -\u003etask_post_setuid()\n\n     \t Removed in favour of security_task_fix_setuid().\n\n     (*) security_task_fix_setuid(), -\u003etask_fix_setuid()\n\n     \t Fix up the proposed new credentials for setuid().  This is used by\n     \t cap_set_fix_setuid() to implicitly adjust capabilities in line with\n     \t setuid() changes.  Changes are made to the new credentials, rather\n     \t than the task itself as in security_task_post_setuid().\n\n     (*) security_task_reparent_to_init(), -\u003etask_reparent_to_init()\n\n     \t Removed.  Instead the task being reparented to init is referred\n     \t directly to init\u0027s credentials.\n\n\t NOTE!  This results in the loss of some state: SELinux\u0027s osid no\n\t longer records the sid of the thread that forked it.\n\n     (*) security_key_alloc(), -\u003ekey_alloc()\n     (*) security_key_permission(), -\u003ekey_permission()\n\n     \t Changed.  These now take cred pointers rather than task pointers to\n     \t refer to the security context.\n\n (4) sys_capset().\n\n     This has been simplified and uses less locking.  
The LSM functions it\n     calls have been merged.\n\n (5) reparent_to_kthreadd().\n\n     This gives the current thread the same credentials as init by simply using\n     commit_thread() to point that way.\n\n (6) __sigqueue_alloc() and switch_uid()\n\n     __sigqueue_alloc() can\u0027t stop the target task from changing its creds\n     beneath it, so this function gets a reference to the currently applicable\n     user_struct which it then passes into the sigqueue struct it returns if\n     successful.\n\n     switch_uid() is now called from commit_creds(), and possibly should be\n     folded into that.  commit_creds() should take care of protecting\n     __sigqueue_alloc().\n\n (7) [sg]et[ug]id() and co and [sg]et_current_groups.\n\n     The set functions now all use prepare_creds(), commit_creds() and\n     abort_creds() to build and check a new set of credentials before applying\n     it.\n\n     security_task_set[ug]id() is called inside the prepared section.  This\n     guarantees that nothing else will affect the creds until we\u0027ve finished.\n\n     The calling of set_dumpable() has been moved into commit_creds().\n\n     Much of the functionality of set_user() has been moved into\n     commit_creds().\n\n     The get functions all simply access the data directly.\n\n (8) security_task_prctl() and cap_task_prctl().\n\n     security_task_prctl() has been modified to return -ENOSYS if it doesn\u0027t\n     want to handle a function, or otherwise return the return value directly\n     rather than through an argument.\n\n     Additionally, cap_task_prctl() now prepares a new set of credentials, even\n     if it doesn\u0027t end up using it.\n\n (9) Keyrings.\n\n     A number of changes have been made to the keyrings code:\n\n     (a) switch_uid_keyring(), copy_keys(), exit_keys() and suid_keys() have\n     \t all been dropped and built in to the credentials functions directly.\n     \t They may want separating out again later.\n\n     (b) key_alloc() and 
search_process_keyrings() now take a cred pointer\n     \t rather than a task pointer to specify the security context.\n\n     (c) copy_creds() gives a new thread within the same thread group a new\n     \t thread keyring if its parent had one, otherwise it discards the thread\n     \t keyring.\n\n     (d) The authorisation key now points directly to the credentials to extend\n     \t the search into rather pointing to the task that carries them.\n\n     (e) Installing thread, process or session keyrings causes a new set of\n     \t credentials to be created, even though it\u0027s not strictly necessary for\n     \t process or session keyrings (they\u0027re shared).\n\n(10) Usermode helper.\n\n     The usermode helper code now carries a cred struct pointer in its\n     subprocess_info struct instead of a new session keyring pointer.  This set\n     of credentials is derived from init_cred and installed on the new process\n     after it has been cloned.\n\n     call_usermodehelper_setup() allocates the new credentials and\n     call_usermodehelper_freeinfo() discards them if they haven\u0027t been used.  A\n     special cred function (prepare_usermodeinfo_creds()) is provided\n     specifically for call_usermodehelper_setup() to call.\n\n     call_usermodehelper_setkeys() adjusts the credentials to sport the\n     supplied keyring as the new session keyring.\n\n(11) SELinux.\n\n     SELinux has a number of changes, in addition to those to support the LSM\n     interface changes mentioned above:\n\n     (a) selinux_setprocattr() no longer does its check for whether the\n     \t current ptracer can access processes with the new SID inside the lock\n     \t that covers getting the ptracer\u0027s SID.  
Whilst this lock ensures that\n     \t the check is done with the ptracer pinned, the result is only valid\n     \t until the lock is released, so there\u0027s no point doing it inside the\n     \t lock.\n\n(12) is_single_threaded().\n\n     This function has been extracted from selinux_setprocattr() and put into\n     a file of its own in the lib/ directory as join_session_keyring() now\n     wants to use it too.\n\n     The code in SELinux just checked to see whether a task shared mm_structs\n     with other tasks (CLONE_VM), but that isn\u0027t good enough.  We really want\n     to know if they\u0027re part of the same thread group (CLONE_THREAD).\n\n(13) nfsd.\n\n     The NFS server daemon now has to use the COW credentials to set the\n     credentials it is going to use.  It really needs to pass the credentials\n     down to the functions it calls, but it can\u0027t do that until other patches\n     in this series have been applied.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "e68b75a027bb94066576139ee33676264f867b87",
      "tree": "2c31f59a4abe9d7bb3cb75fdf3b57772feeeb6f6",
      "parents": [
        "3fc689e96c0c90b6fede5946d6c31075e9464f69"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Nov 11 21:48:22 2008 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Nov 11 21:48:22 2008 +1100"
      },
      "message": "When the capset syscall is used it is not possible for audit to record the\nactual capabilities being added/removed.  This patch adds a new record type\nwhich emits the target pid and the eff, inh, and perm cap sets.\n\nexample output if you audit capset syscalls would be:\n\ntype\u003dSYSCALL msg\u003daudit(1225743140.465:76): arch\u003dc000003e syscall\u003d126 success\u003dyes exit\u003d0 a0\u003d17f2014 a1\u003d17f201c a2\u003d80000000 a3\u003d7fff2ab7f060 items\u003d0 ppid\u003d2160 pid\u003d2223 auid\u003d0 uid\u003d0 gid\u003d0 euid\u003d0 suid\u003d0 fsuid\u003d0 egid\u003d0 sgid\u003d0 fsgid\u003d0 tty\u003dpts0 ses\u003d1 comm\u003d\"setcap\" exe\u003d\"/usr/sbin/setcap\" subj\u003dunconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key\u003d(null)\ntype\u003dUNKNOWN[1322] msg\u003daudit(1225743140.465:76): pid\u003d0 cap_pi\u003dffffffffffffffff cap_pp\u003dffffffffffffffff cap_pe\u003dffffffffffffffff\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "3fc689e96c0c90b6fede5946d6c31075e9464f69",
      "tree": "5e59b6c607eb595ababa74bad18787cfa49b16e9",
      "parents": [
        "851f7ff56d9c21272f289dd85fb3f1b6cf7a6e10"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Nov 11 21:48:18 2008 +1100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Nov 11 21:48:18 2008 +1100"
      },
      "message": "Any time fcaps or a setuid app under SECURE_NOROOT is used to result in a\nnon-zero pE we will create a new audit record which contains the entire set\nof known information about the executable in question, fP, fI, fE, fversion\nand includes the process\u0027s pE, pI, pP.  Before and after the bprm capability\nare applied.  This record type will only be emitted from execve syscalls.\n\nan example of making ping use fcaps instead of setuid:\n\nsetcap \"cat_net_raw+pe\" /bin/ping\n\ntype\u003dSYSCALL msg\u003daudit(1225742021.015:236): arch\u003dc000003e syscall\u003d59 success\u003dyes exit\u003d0 a0\u003d1457f30 a1\u003d14606b0 a2\u003d1463940 a3\u003d321b770a70 items\u003d2 ppid\u003d2929 pid\u003d2963 auid\u003d0 uid\u003d500 gid\u003d500 euid\u003d500 suid\u003d500 fsuid\u003d500 egid\u003d500 sgid\u003d500 fsgid\u003d500 tty\u003dpts0 ses\u003d3 comm\u003d\"ping\" exe\u003d\"/bin/ping\" subj\u003dunconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key\u003d(null)\ntype\u003dUNKNOWN[1321] msg\u003daudit(1225742021.015:236): fver\u003d2 fp\u003d0000000000002000 fi\u003d0000000000000000 fe\u003d1 old_pp\u003d0000000000000000 old_pi\u003d0000000000000000 old_pe\u003d0000000000000000 new_pp\u003d0000000000002000 new_pi\u003d0000000000000000 new_pe\u003d0000000000002000\ntype\u003dEXECVE msg\u003daudit(1225742021.015:236): argc\u003d2 a0\u003d\"ping\" a1\u003d\"127.0.0.1\"\ntype\u003dCWD msg\u003daudit(1225742021.015:236):  cwd\u003d\"/home/test\"\ntype\u003dPATH msg\u003daudit(1225742021.015:236): item\u003d0 name\u003d\"/bin/ping\" inode\u003d49256 dev\u003dfd:00 mode\u003d0100755 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003dsystem_u:object_r:ping_exec_t:s0 cap_fp\u003d0000000000002000 cap_fe\u003d1 cap_fver\u003d2\ntype\u003dPATH msg\u003daudit(1225742021.015:236): item\u003d1 name\u003d(null) inode\u003d507915 dev\u003dfd:00 mode\u003d0100755 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003dsystem_u:object_r:ld_so_t:s0\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "f606ddf42fd4edc558eeb48bfee66d2c591571d2",
      "tree": "193f00db121201255b2629fce43b99a53c4ec735",
      "parents": [
        "99764fa4ceeecba8b9e0a8a5565b418a2e94f83b"
      ],
      "author": {
        "name": "Adrian Bunk",
        "email": "bunk@kernel.org",
        "time": "Wed Jul 23 21:28:50 2008 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Jul 24 10:47:24 2008 -0700"
      },
      "message": "remove the v850 port\n\nTrying to compile the v850 port brings many compile errors, one of them exists\nsince at least kernel 2.6.19.\n\nThere also seems to be no one willing to bring this port back into a usable\nstate.\n\nThis patch therefore removes the v850 port.\n\nIf anyone ever decides to revive the v850 port the code will still be\navailable from older kernels, and it wouldn\u0027t be impossible for the port to\nreenter the kernel if it would become actively maintained again.\n\nSigned-off-by: Adrian Bunk \u003cbunk@kernel.org\u003e\nAcked-by: Greg Ungerer \u003cgerg@uclinux.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "d8de72473effd674a3c1fe9621821f406f5587c9",
      "tree": "4b96ac9b82cc156f9ee01da00450f1a97222353f",
      "parents": [
        "9f0aecdd1cd6aacee9aa8f08031f4f2e09e454dc"
      ],
      "author": {
        "name": "Peng Haitao",
        "email": "penght@cn.fujitsu.com",
        "time": "Tue May 20 09:13:02 2008 +0800"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jun 24 23:36:35 2008 -0400"
      },
      "message": "[PATCH] remove useless argument type in audit_filter_user()\n\nThe second argument \"type\" is not used in audit_filter_user(), so I think that type can be removed. If I\u0027m wrong, please tell me.\n\nSigned-off-by: Peng Haitao \u003cpenght@cn.fujitsu.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "8b67dca9420474623709e00d72a066068a502b20",
      "tree": "9d4dc19d849dd23cf00cee0851fd402062cdf1ea",
      "parents": [
        "4a761b8c1d7a3a4ee7ccf92ce255d986f601e067"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Apr 28 04:15:49 2008 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Apr 28 06:28:37 2008 -0400"
      },
      "message": "[PATCH] new predicate - AUDIT_FILETYPE\n\nArgument is S_IF... | \u003cindex\u003e, where index is normally 0 or 1.\nTriggers if chosen element of ctx-\u003enames[] is present and the\nmode of object in question matches the upper bits of argument.\nI.e. for things like \"is the argument of that chmod a directory\",\netc.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "a42da93c8641a0b49405ceb2a2063975c823aa49",
      "tree": "ad674ce1bc7ce1727ae0896998e11dbe6b8d66f0",
      "parents": [
        "b556f8ad58c6e9f8f485c8cef7546e3fc82c382a"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Apr 18 10:36:22 2008 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Apr 28 06:19:29 2008 -0400"
      },
      "message": "Audit: increase the maximum length of the key field\n\nKey lengths were arbitrarily limited to 32 characters.  If userspace is going\nto start using the single kernel key field as multiple virtual key fields\n(example key\u003dkey1,key2,key3,key4) we should give them enough room to work.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "b556f8ad58c6e9f8f485c8cef7546e3fc82c382a",
      "tree": "e7a1c5ce313b6dec9727d69b08b5005dc35709a3",
      "parents": [
        "f09ac9db2aafe36fde9ebd63c8c5d776f6e7bd41"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Apr 18 10:12:59 2008 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Apr 28 06:19:22 2008 -0400"
      },
      "message": "Audit: standardize string audit interfaces\n\nThis patch standardized the string auditing interfaces.  No userspace\nchanges will be visible and this is all just cleanup and consistancy\nwork.  We have the following string audit interfaces to use:\n\nvoid audit_log_n_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len);\n\nvoid audit_log_n_string(struct audit_buffer *ab, const char *buf, size_t n);\nvoid audit_log_string(struct audit_buffer *ab, const char *buf);\n\nvoid audit_log_n_untrustedstring(struct audit_buffer *ab, const char *string, size_t n);\nvoid audit_log_untrustedstring(struct audit_buffer *ab, const char *string);\n\nThis may be the first step to possibly fixing some of the issues that\npeople have with the string output from the kernel audit system.  But we\nstill don\u0027t have an agreed upon solution to that problem.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "2532386f480eefbdd67b48be55fb4fb3e5a6081c",
      "tree": "dd6a5a3c4116a67380a1336319c16632f04f80f9",
      "parents": [
        "436c405c7d19455a71f42c9bec5fd5e028f1eb4e"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Fri Apr 18 10:09:25 2008 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Mon Apr 28 06:18:03 2008 -0400"
      },
      "message": "Audit: collect sessionid in netlink messages\n\nPreviously I added sessionid output to all audit messages where it was\navailable but we still didn\u0027t know the sessionid of the sender of\nnetlink messages.  This patch adds that information to netlink messages\nso we can audit who sent netlink messages.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "04305e4aff8b0533dc05f9f6f1a34d0796bd985f",
      "tree": "9938264917b4b9e6e147b883d88fca94c6788b76",
      "parents": [
        "9d57a7f9e23dc30783d245280fc9907cf2c87837"
      ],
      "author": {
        "name": "Ahmed S. Darwish",
        "email": "darwish.07@gmail.com",
        "time": "Sat Apr 19 09:59:43 2008 +1000"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Apr 19 09:59:43 2008 +1000"
      },
      "message": "Audit: Final renamings and cleanup\n\nRename the se_str and se_rule audit fields elements to\nlsm_str and lsm_rule to avoid confusion.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "9d57a7f9e23dc30783d245280fc9907cf2c87837",
      "tree": "508b81e213f5dca1097ccf0ece8ba092b168607b",
      "parents": [
        "d7a96f3a1ae279a2129653d6cb18d722f2f00f91"
      ],
      "author": {
        "name": "Ahmed S. Darwish",
        "email": "darwish.07@gmail.com",
        "time": "Sat Mar 01 22:03:14 2008 +0200"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Sat Apr 19 09:53:46 2008 +1000"
      },
      "message": "SELinux: use new audit hooks, remove redundant exports\n\nSetup the new Audit LSM hooks for SELinux.\nRemove the now redundant exported SELinux Audit interface.\n\nAudit: Export \u0027audit_krule\u0027 and \u0027audit_field\u0027 to the public\nsince their internals are needed by the implementation of the\nnew LSM hook \u0027audit_rule_known\u0027.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "44707fdf5938ad269ea5d6c5744d82f6a7328746",
      "tree": "7eb1704418eb41b859ad24bc48f6400135474d87",
      "parents": [
        "a03a8a709a0c34b61b7aea1d54a0473a6b941fdb"
      ],
      "author": {
        "name": "Jan Blunck",
        "email": "jblunck@suse.de",
        "time": "Thu Feb 14 19:38:33 2008 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Thu Feb 14 21:17:08 2008 -0800"
      },
      "message": "d_path: Use struct path in struct avc_audit_data\n\naudit_log_d_path() is a d_path() wrapper that is used by the audit code.  To\nuse a struct path in audit_log_d_path() I need to embed it into struct\navc_audit_data.\n\n[akpm@linux-foundation.org: coding-style fixes]\nSigned-off-by: Jan Blunck \u003cjblunck@suse.de\u003e\nAcked-by: Christoph Hellwig \u003chch@infradead.org\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: \"J. Bruce Fields\" \u003cbfields@fieldses.org\u003e\nCc: Neil Brown \u003cneilb@suse.de\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "de6bbd1d30e5912620d25dd15e3f180ac7f9fcef",
      "tree": "3807b13f8e2e490c258c5bb37915c95fc1bcfe20",
      "parents": [
        "e445deb593d67c8ed13bd357c780a93d78bc84cf"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Jan 07 14:31:58 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Feb 01 14:23:55 2008 -0500"
      },
      "message": "[AUDIT] break large execve argument logging into smaller messages\n\nexecve arguments can be quite large.  There is no limit on the number of\narguments and a 4G limit on the size of an argument.\n\nthis patch prints those aruguments in bite sized pieces.  a userspace size\nlimitation of 8k was discovered so this keeps messages around 7.5k\n\nsingle arguments larger than 7.5k in length are split into multiple records\nand can be identified as aX[Y]\u003d\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "c0641f28dcbecb6dc34a4fd003a9947fcd080696",
      "tree": "75cc2700afe2e83834895e7f45c7f663faf2e034",
      "parents": [
        "4746ec5b01ed07205a91e4f7ed9de9d70f371407"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Jan 07 13:49:15 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Feb 01 14:07:19 2008 -0500"
      },
      "message": "[AUDIT] Add End of Event record\n\nThis patch adds an end of event record type. It will be sent by the kernel as\nthe last record when a multi-record event is triggered. This will aid realtime\nanalysis programs since they will now reliably know they have the last record\nto complete an event. The audit daemon filters this and will not write it to\ndisk.\n\nSigned-off-by: Steve Grubb \u003csgrubb redhat com\u003e\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "4746ec5b01ed07205a91e4f7ed9de9d70f371407",
      "tree": "7a3a836b6178ccab24801e90b69c1159b2c23099",
      "parents": [
        "c2a7780efe37d01bdb3facc85a94663e6d67d4a8"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Jan 08 10:06:53 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Feb 01 14:06:51 2008 -0500"
      },
      "message": "[AUDIT] add session id to audit messages\n\nIn order to correlate audit records to an individual login add a session\nid.  This is incremented every time a user logs in and is included in\nalmost all messages which currently output the auid.  The field is\nlabeled ses\u003d  or oses\u003d\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "bfef93a5d1fb5654fe2025276c55e202d10b5255",
      "tree": "573d8153c5d5216b0c4007b652286eeddd3c0987",
      "parents": [
        "0c11b9428f619ab377c92eff2f160a834a6585dd"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Jan 10 04:53:18 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Feb 01 14:05:28 2008 -0500"
      },
      "message": "[PATCH] get rid of loginuid races\n\nKeeping loginuid in audit_context is racy and results in messier\ncode.  Taken to task_struct, out of the way of -\u003eaudit_context\nchanges.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "0c11b9428f619ab377c92eff2f160a834a6585dd",
      "tree": "35b573715ad5730a77d067486838345132771a7a",
      "parents": [
        "24e1c13c93cbdd05e4b7ea921c0050b036555adc"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Jan 10 04:20:52 2008 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri Feb 01 14:04:59 2008 -0500"
      },
      "message": "[PATCH] switch audit_get_loginuid() to task_struct *\n\nall callers pass something-\u003eaudit_context\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "13541b3adad2dc2f56761c5193c2b88db3597f0e",
      "tree": "ef5dfff5135ecb91ccb379d351c9bc5f491e080a",
      "parents": [
        "8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd"
      ],
      "author": {
        "name": "Paul Moore",
        "email": "paul.moore@hp.com",
        "time": "Tue Jan 29 08:44:23 2008 -0500"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Jan 30 08:17:29 2008 +1100"
      },
      "message": "NetLabel: Add auditing to the static labeling mechanism\n\nThis patch adds auditing support to the NetLabel static labeling mechanism.\n\nSigned-off-by: Paul Moore \u003cpaul.moore@hp.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "74c3cbe33bc077ac1159cadfea608b501e100344",
      "tree": "4c4023caa4e15d19780255fa5880df3d36eb292c",
      "parents": [
        "455434d450a358ac5bcf3fc58f8913d13c544622"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jul 22 08:04:18 2007 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Oct 21 02:37:45 2007 -0400"
      },
      "message": "[PATCH] audit: watching subtrees\n\nNew kind of audit rule predicates: \"object is visible in given subtree\".\nThe part that can be sanely implemented, that is.  Limitations:\n\t* if you have hardlink from outside of tree, you\u0027d better watch\nit too (or just watch the object itself, obviously)\n\t* if you mount something under a watched tree, tell audit\nthat new chunk should be added to watched subtrees\n\t* if you umount something in a watched tree and it\u0027s still mounted\nelsewhere, you will get matches on events happening there.  New command\ntells audit to recalculate the trees, trimming such sources of false\npositives.\n\nNote that it\u0027s _not_ about path - if something mounted in several places\n(multiple mount, bindings, different namespaces, etc.), the match does\n_not_ depend on which one we are using for access.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "5a190ae69766da9a34bf31200c5cea4c0667cf94",
      "tree": "340c500fe42518abe6d1159a00619b1bd02f07fc",
      "parents": [
        "cfa76f024f7c9e65169425804e5b32e71f66d0ee"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Jun 07 12:19:32 2007 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Oct 21 02:37:18 2007 -0400"
      },
      "message": "[PATCH] pass dentry to audit_inode()/audit_inode_child()\n\nmakes caller simpler *and* allows to scan ancestors\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "ab5f5e8b144e4c804ef3aa1ce08a9ca9f01187ce",
      "tree": "bf3915a618b29f507d882e9c665ed9d07e7c0765",
      "parents": [
        "d2e9117c7aa9544d910634e17e3519fd67155229"
      ],
      "author": {
        "name": "Joy Latten",
        "email": "latten@austin.ibm.com",
        "time": "Mon Sep 17 11:51:22 2007 -0700"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Wed Oct 10 16:49:02 2007 -0700"
      },
      "message": "[XFRM]: xfrm audit calls\n\nThis patch modifies the current ipsec audit layer\nby breaking it up into purpose driven audit calls.\n\nSo far, the only audit calls made are when add/delete\nan SA/policy. It had been discussed to give each\nkey manager it\u0027s own calls to do this, but I found\nthere to be much redundnacy since they did the exact\nsame things, except for how they got auid and sid, so I\ncombined them. The below audit calls can be made by any\nkey manager. Hopefully, this is ok.\n\nSigned-off-by: Joy Latten \u003clatten@austin.ibm.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "6dc2c1b7798ef645213afc82f6d5eac3d61bc18b",
      "tree": "1f6edacc42a38d836556d7bba52f2321e0397d89",
      "parents": [
        "1ff6f3dbfb366b464869d3558406e498cb3e1159"
      ],
      "author": {
        "name": "Miloslav Trmac",
        "email": "mitr@redhat.com",
        "time": "Thu Aug 23 10:19:53 2007 +0100"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Thu Aug 23 21:37:45 2007 -0700"
      },
      "message": "Renumber AUDIT_TTY_[GS]ET\n\nRenumber AUDIT_TTY_[GS]ET to avoid a conflict with netlink message types\nalready used in the wild.\n\nSigned-off-by: Miloslav Trmac \u003cmitr@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "4259fa01a2d2aa3e589b34ba7624080232d9c1ff",
      "tree": "3aa83d784c4db22f3b62e4d963757497555c5e5c",
      "parents": [
        "74f2345b6be1410f824cb7dd638d2c10a9709379"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Thu Jun 07 11:13:31 2007 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jul 22 09:57:02 2007 -0400"
      },
      "message": "[PATCH] get rid of AVC_PATH postponed treatment\n\n        Selinux folks had been complaining about the lack of AVC_PATH\nrecords when audit is disabled.  I must admit my stupidity - I assumed\nthat avc_audit() really couldn\u0027t use audit_log_d_path() because of\ndeadlocks (\u003d\u003d could be called with dcache_lock or vfsmount_lock held).\nShouldn\u0027t have made that assumption - it never gets called that way.\nIt _is_ called under spinlocks, but not those.\n\n        Since audit_log_d_path() uses ab-\u003egfp_mask for allocations,\nkmalloc() in there is not a problem.  IOW, the simple fix is sufficient:\nlet\u0027s rip AUDIT_AVC_PATH out and simply generate pathname as part of main\nrecord.  It\u0027s trivial to do.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "74f2345b6be1410f824cb7dd638d2c10a9709379",
      "tree": "a9cbdb517eb01b04de3e641d87ef42ad186e91e3",
      "parents": [
        "c926e4f432af0f61ac2b9b637fb51a4871a3fc91"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Mon Jun 04 17:00:14 2007 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sun Jul 22 09:57:02 2007 -0400"
      },
      "message": "[PATCH] allow audit filtering on bit \u0026 operations\n\nRight now the audit filter can match on \u003d !\u003d \u003e \u003c \u003e\u003d blah blah blah.\nThis allow the filter to also look at bitwise AND operations, \u0026\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "522ed7767e800cff6c650ec64b0ee0677303119c",
      "tree": "f65ecb29f2cf885018d3557f840de3ef4be6ec64",
      "parents": [
        "4f27c00bf80f122513d3a5be16ed851573164534"
      ],
      "author": {
        "name": "Miloslav Trmac",
        "email": "mitr@redhat.com",
        "time": "Sun Jul 15 23:40:56 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Mon Jul 16 09:05:47 2007 -0700"
      },
      "message": "Audit: add TTY input auditing\n\nAdd TTY input auditing, used to audit system administrator\u0027s actions.  This is\nrequired by various security standards such as DCID 6/3 and PCI to provide\nnon-repudiation of administrator\u0027s actions and to allow a review of past\nactions if the administrator seems to overstep their duties or if the system\nbecomes misconfigured for unknown reasons.  These requirements do not make it\nnecessary to audit TTY output as well.\n\nCompared to an user-space keylogger, this approach records TTY input using the\naudit subsystem, correlated with other audit events, and it is completely\ntransparent to the user-space application (e.g.  the console ioctls still\nwork).\n\nTTY input auditing works on a higher level than auditing all system calls\nwithin the session, which would produce an overwhelming amount of mostly\nuseless audit events.\n\nAdd an \"audit_tty\" attribute, inherited across fork ().  Data read from TTYs\nby process with the attribute is sent to the audit subsystem by the kernel.\nThe audit netlink interface is extended to allow modifying the audit_tty\nattribute, and to allow sending explanatory audit events from user-space (for\nexample, a shell might send an event containing the final command, after the\ninteractive command-line editing and history expansion is performed, which\nmight be difficult to decipher from the TTY input alone).\n\nBecause the \"audit_tty\" attribute is inherited across fork (), it would be set\ne.g.  for sshd restarted within an audited session.  To prevent this, the\naudit_tty attribute is cleared when a process with no open TTY file\ndescriptors (e.g.  
after daemon startup) opens a TTY.\n\nSee https://www.redhat.com/archives/linux-audit/2007-June/msg00000.html for a\nmore detailed rationale document for an older version of this patch.\n\n[akpm@linux-foundation.org: build fix]\nSigned-off-by: Miloslav Trmac \u003cmitr@redhat.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Alan Cox \u003calan@lxorguk.ukuu.org.uk\u003e\nCc: Paul Fulghum \u003cpaulkf@microgate.com\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "0a4ff8c2598b72f2fa9d50aae9e1809e684dbf41",
      "tree": "309f2b2b5874692302862534cd9052a1d96018ba",
      "parents": [
        "5712e88f2b0f626a4857c24128810bbf8ce09537"
      ],
      "author": {
        "name": "Steve Grubb",
        "email": "sgrubb@redhat.com",
        "time": "Thu Apr 19 10:28:21 2007 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri May 11 05:38:26 2007 -0400"
      },
      "message": "[PATCH] Abnormal End of Processes\n\nHi,\n\nI have been working on some code that detects abnormal events based on audit\nsystem events. One kind of event that we currently have no visibility for is\nwhen a program terminates due to segfault - which should never happen on a\nproduction machine. And if it did, you\u0027d want to investigate it. Attached is a\npatch that collects these events and sends them into the audit system.\n\nSigned-off-by: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "4fc03b9beb2314f3adb9e72b7935a80c577954d1",
      "tree": "81e04534c582923fcdc8212497d1487ddae412a8",
      "parents": [
        "510f4006e7a82b37b53c17bbe64ec20f3a59302b"
      ],
      "author": {
        "name": "Amy Griffis",
        "email": "amy.griffis@hp.com",
        "time": "Tue Feb 13 14:15:01 2007 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri May 11 05:38:26 2007 -0400"
      },
      "message": "[PATCH] complete message queue auditing\n\nHandle the edge cases for POSIX message queue auditing. Collect inode\ninfo when opening an existing mq, and for send/receive operations. Remove\naudit_inode_update() as it has really evolved into the equivalent of\naudit_inode().\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "e54dc2431d740a79a6bd013babade99d71b1714f",
      "tree": "16b0990d5c16946239a17b332f54b5918fb03305",
      "parents": [
        "7f13da40e36c84d0d046b7adbd060af7d3717250"
      ],
      "author": {
        "name": "Amy Griffis",
        "email": "amy.griffis@hp.com",
        "time": "Thu Mar 29 18:01:04 2007 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri May 11 05:38:25 2007 -0400"
      },
      "message": "[PATCH] audit signal recipients\n\nWhen auditing syscalls that send signals, log the pid and security\ncontext for each target process. Optimize the data collection by\nadding a counter for signal-related rules, and avoiding allocating an\naux struct unless we have more than one target process. For process\ngroups, collect pid/context data in blocks of 16. Move the\naudit_signal_info() hook up in check_kill_permission() so we audit\nattempts where permission is denied.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "7f13da40e36c84d0d046b7adbd060af7d3717250",
      "tree": "3cf0c58f674be94a7237734367ee5c04a5f223bc",
      "parents": [
        "a5cb013da773a67ee48d1c19e96436c22a73a7eb"
      ],
      "author": {
        "name": "Amy Griffis",
        "email": "amy.griffis@hp.com",
        "time": "Thu Mar 29 18:00:37 2007 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri May 11 05:38:25 2007 -0400"
      },
      "message": "[PATCH] add SIGNAL syscall class (v3)\n\nAdd a syscall class for sending signals.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "a5cb013da773a67ee48d1c19e96436c22a73a7eb",
      "tree": "8832d105c4742674423bd50352b8a4805c44fecc",
      "parents": [
        "129a84de2347002f09721cda3155ccfd19fade40"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Mar 20 13:58:35 2007 -0400"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Fri May 11 05:38:25 2007 -0400"
      },
      "message": "[PATCH] auditing ptrace\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "3b46e650165f691a30ddede1a79d2df02f3459d7",
      "tree": "90cc53677412986b28d31001faa5e5a980cba7fe",
      "parents": [
        "f991633de626a5f16069d00e26b45142e037ce24"
      ],
      "author": {
        "name": "Jeff Dike",
        "email": "jdike@addtoit.com",
        "time": "Tue Mar 06 01:42:17 2007 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Tue Mar 06 09:30:25 2007 -0800"
      },
      "message": "[PATCH] linux/audit.h needs linux/types.h\n\nInclude linux/types.h here because we need a definition of __u32.  This file\nappears not be exported verbatim by libc, so I think this doesn\u0027t have any\nuserspace consequences.\n\nSigned-off-by: Jeff Dike \u003cjdike@linux.intel.com\u003e\nCc: Paolo \u0027Blaisorblade\u0027 Giarrusso \u003cblaisorblade@yahoo.it\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "db3495099d3d52854b13874905af6e40a91f4721",
      "tree": "5a832081d70dd9dabda3498baf40b7d6ced47f24",
      "parents": [
        "6a01b07fae482f9b34491b317056c89d3b96ca2e"
      ],
      "author": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Wed Feb 07 01:48:00 2007 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Sat Feb 17 21:30:15 2007 -0500"
      },
      "message": "[PATCH] AUDIT_FD_PAIR\n\nProvide an audit record of the descriptor pair returned by pipe() and\nsocketpair().  Rewritten from the original posted to linux-audit by\nJohn D. Ramsdell \u003cramsdell@mitre.org\u003e\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n"
    },
    {
      "commit": "161a09e737f0761ca064ee6a907313402f7a54b6",
      "tree": "80fdf6dc5de73d810ef0ec811299a5ec3c5ce23e",
      "parents": [
        "95b99a670df31ca5271f503f378e5cac3aee8f5e"
      ],
      "author": {
        "name": "Joy Latten",
        "email": "latten@austin.ibm.com",
        "time": "Mon Nov 27 13:11:54 2006 -0600"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@sunset.davemloft.net",
        "time": "Wed Dec 06 20:14:22 2006 -0800"
      },
      "message": "audit: Add auditing to ipsec\n\nAn audit message occurs when an ipsec SA\nor ipsec policy is created/deleted.\n\nSigned-off-by: Joy Latten \u003clatten@austin.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    }
  ],
  "next": "c8e649ba908954447e9a095677f6a6c8e50a37b2"
}
