rpms/kernel/FC-5 linux-2.6-audit-cur-cleanup.patch, NONE, 1.1.2.1 linux-2.6-audit-exit.patch, NONE, 1.1.2.1 linux-2.6-audit-inode-sid.patch, NONE, 1.1.2.1 linux-2.6-audit-ipc-sid.patch, NONE, 1.1.2.1 kernel-2.6.spec, 1.2074.2.2, 1.2074.2.3
Fri Mar 31 21:04:22 UTC 2006
Author: sgrubb
Update of /cvs/dist/rpms/kernel/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv14058
Modified Files:
Tag: private-lspp-14-branch
kernel-2.6.spec
Added Files:
Tag: private-lspp-14-branch
linux-2.6-audit-cur-cleanup.patch linux-2.6-audit-exit.patch
linux-2.6-audit-inode-sid.patch linux-2.6-audit-ipc-sid.patch
Log Message:
* Fri Mar 31 2006 Steve Grubb <sgrubb at redhat.com>
- lspp.15 kernel
linux-2.6-audit-cur-cleanup.patch:
auditsc.c | 20 ++++++++++----------
1 files changed, 10 insertions(+), 10 deletions(-)
--- NEW FILE linux-2.6-audit-cur-cleanup.patch ---
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 7f160df..4052f0a 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -536,13 +536,13 @@ error_path:
return;
}
-static void audit_log_task_info(struct audit_buffer *ab, gfp_t gfp_mask)
+static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk, gfp_t gfp_mask)
{
- char name[sizeof(current->comm)];
- struct mm_struct *mm = current->mm;
+ char name[sizeof(tsk->comm)];
+ struct mm_struct *mm = tsk->mm;
struct vm_area_struct *vma;
- get_task_comm(name, current);
+ get_task_comm(name, tsk);
audit_log_format(ab, " comm=");
audit_log_untrustedstring(ab, name);
@@ -551,7 +551,7 @@ static void audit_log_task_info(struct a
/*
* this is brittle; all callers that pass GFP_ATOMIC will have
- * NULL current->mm and we won't get here.
+ * NULL tsk->mm and we won't get here.
*/
down_read(&mm->mmap_sem);
vma = mm->mmap;
@@ -569,7 +569,7 @@ static void audit_log_task_info(struct a
audit_log_task_context(ab, gfp_mask);
}
-static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
+static void audit_log_exit(struct audit_context *context, struct task_struct *tsk, gfp_t gfp_mask)
{
int i;
struct audit_buffer *ab;
@@ -587,8 +587,8 @@ static void audit_log_exit(struct audit_
audit_log_format(ab, " success=%s exit=%ld",
(context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
context->return_code);
- if (current->signal->tty && current->signal->tty->name)
- tty = current->signal->tty->name;
+ if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
+ tty = tsk->signal->tty->name;
else
tty = "(none)";
audit_log_format(ab,
@@ -720,7 +720,7 @@ void audit_free(struct task_struct *tsk)
* We use GFP_ATOMIC here because we might be doing this
* in the context of the idle thread */
if (context->in_syscall && context->auditable)
- audit_log_exit(context, GFP_ATOMIC);
+ audit_log_exit(context, tsk, GFP_ATOMIC);
audit_free_context(context);
}
@@ -839,7 +839,7 @@ void audit_syscall_exit(struct task_stru
goto out;
if (context->in_syscall && context->auditable)
- audit_log_exit(context, GFP_KERNEL);
+ audit_log_exit(context, tsk, GFP_KERNEL);
context->in_syscall = 0;
context->auditable = 0;
linux-2.6-audit-exit.patch:
arch/i386/kernel/ptrace.c | 7 +--
arch/i386/kernel/vm86.c | 2
arch/i386/kernel/vm86.c.orig | 12 ++++-
arch/ia64/kernel/ptrace.c | 4 -
arch/mips/kernel/ptrace.c | 4 -
arch/powerpc/kernel/ptrace.c | 5 --
arch/s390/kernel/ptrace.c | 5 --
arch/sparc64/kernel/ptrace.c | 5 --
arch/sparc64/kernel/ptrace.c.orig |only
arch/um/kernel/ptrace.c | 6 --
arch/x86_64/kernel/ptrace.c | 6 +-
include/linux/audit.h | 8 +--
include/linux/audit.h.orig |only
kernel/auditsc.c | 85 ++++++++++++++++----------------------
kernel/auditsc.c.orig | 20 ++++----
kernel/exit.c | 2
kernel/exit.c.orig | 7 +++
kernel/fork.c | 2
18 files changed, 88 insertions(+), 92 deletions(-)
--- NEW FILE linux-2.6-audit-exit.patch ---
diff -urp linux-2.6.16.x86_64.orig/arch/i386/kernel/ptrace.c linux-2.6.16.x86_64/arch/i386/kernel/ptrace.c
--- linux-2.6.16.x86_64.orig/arch/i386/kernel/ptrace.c 2006-03-31 08:31:18.000000000 -0500
+++ linux-2.6.16.x86_64/arch/i386/kernel/ptrace.c 2006-03-31 15:05:49.000000000 -0500
@@ -671,7 +671,7 @@ int do_syscall_trace(struct pt_regs *reg
if (unlikely(current->audit_context)) {
if (entryexit)
- audit_syscall_exit(current, AUDITSC_RESULT(regs->eax),
+ audit_syscall_exit(AUDITSC_RESULT(regs->eax),
regs->eax);
/* Debug traps, when using PTRACE_SINGLESTEP, must be sent only
* on the syscall exit path. Normally, when TIF_SYSCALL_AUDIT is
@@ -720,14 +720,13 @@ int do_syscall_trace(struct pt_regs *reg
ret = is_sysemu;
out:
if (unlikely(current->audit_context) && !entryexit)
- audit_syscall_entry(current, AUDIT_ARCH_I386, regs->orig_eax,
+ audit_syscall_entry(AUDIT_ARCH_I386, regs->orig_eax,
regs->ebx, regs->ecx, regs->edx, regs->esi);
if (ret == 0)
return 0;
regs->orig_eax = -1; /* force skip of syscall restarting */
if (unlikely(current->audit_context))
- audit_syscall_exit(current, AUDITSC_RESULT(regs->eax),
- regs->eax);
+ audit_syscall_exit(AUDITSC_RESULT(regs->eax), regs->eax);
return 1;
}
diff -urp linux-2.6.16.x86_64.orig/arch/i386/kernel/vm86.c linux-2.6.16.x86_64/arch/i386/kernel/vm86.c
--- linux-2.6.16.x86_64.orig/arch/i386/kernel/vm86.c 2006-03-31 08:31:17.000000000 -0500
+++ linux-2.6.16.x86_64/arch/i386/kernel/vm86.c 2006-03-31 15:05:49.000000000 -0500
@@ -320,7 +320,7 @@ static void do_sys_vm86(struct kernel_vm
/*call audit_syscall_exit since we do not exit via the normal paths */
if (unlikely(current->audit_context))
- audit_syscall_exit(current, AUDITSC_RESULT(eax), eax);
+ audit_syscall_exit(AUDITSC_RESULT(eax), eax);
__asm__ __volatile__(
"movl %0,%%esp\n\t"
diff -urp linux-2.6.16.x86_64.orig/arch/i386/kernel/vm86.c.orig linux-2.6.16.x86_64/arch/i386/kernel/vm86.c.orig
--- linux-2.6.16.x86_64.orig/arch/i386/kernel/vm86.c.orig 2006-03-31 08:31:18.000000000 -0500
+++ linux-2.6.16.x86_64/arch/i386/kernel/vm86.c.orig 2006-03-31 15:05:42.000000000 -0500
@@ -43,6 +43,7 @@
#include <linux/smp_lock.h>
#include <linux/highmem.h>
#include <linux/ptrace.h>
+#include <linux/audit.h>
#include <asm/uaccess.h>
#include <asm/io.h>
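Review bot: This file section patches `arch/i386/kernel/vm86.c.orig`, a backup left behind by an earlier `patch` run, and the same holds for the `kernel/auditsc.c.orig` and `kernel/exit.c.orig` sections further down plus the `Only in ...: ptrace.c.orig` and `audit.h.orig` lines, for which diff did not even emit a hunk. Applying this patch will create stray .orig files in the kernel tree, and it fails outright on a tree that does not already contain them. Regenerate the patch with the backups excluded, e.g. `diff -urp -x '*.orig' linux-2.6.16.x86_64.orig linux-2.6.16.x86_64`, so the diffstat above only lists real sources.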
@@ -258,6 +259,7 @@ static void do_sys_vm86(struct kernel_vm
#ifndef CONFIG_X86_NO_TSS
struct tss_struct *tss;
#endif
+ long eax;
/*
* make sure the vm86() system call doesn't try to do anything silly
*/
@@ -313,13 +315,19 @@ static void do_sys_vm86(struct kernel_vm
tsk->thread.screen_bitmap = info->screen_bitmap;
if (info->flags & VM86_SCREEN_BITMAP)
mark_screen_rdonly(tsk->mm);
+ __asm__ __volatile__("xorl %eax,%eax; movl %eax,%fs; movl %eax,%gs\n\t");
+ __asm__ __volatile__("movl %%eax, %0\n" :"=r"(eax));
+
+ /*call audit_syscall_exit since we do not exit via the normal paths */
+ if (unlikely(current->audit_context))
+ audit_syscall_exit(current, AUDITSC_RESULT(eax), eax);
+
__asm__ __volatile__(
- "xorl %%eax,%%eax; movl %%eax,%%fs; movl %%eax,%%gs\n\t"
"movl %0,%%esp\n\t"
"movl %1,%%ebp\n\t"
"jmp resume_userspace"
: /* no outputs */
- :"r" (&info->regs), "r" (task_thread_info(tsk)) : "ax");
+ :"r" (&info->regs), "r" (task_thread_info(tsk)));
/* we never return here */
}
diff -urp linux-2.6.16.x86_64.orig/arch/ia64/kernel/ptrace.c linux-2.6.16.x86_64/arch/ia64/kernel/ptrace.c
--- linux-2.6.16.x86_64.orig/arch/ia64/kernel/ptrace.c 2006-03-31 08:31:25.000000000 -0500
+++ linux-2.6.16.x86_64/arch/ia64/kernel/ptrace.c 2006-03-31 15:05:49.000000000 -0500
@@ -1644,7 +1644,7 @@ syscall_trace_enter (long arg0, long arg
arch = AUDIT_ARCH_IA64;
}
- audit_syscall_entry(current, arch, syscall, arg0, arg1, arg2, arg3);
+ audit_syscall_entry(arch, syscall, arg0, arg1, arg2, arg3);
}
}
@@ -1662,7 +1662,7 @@ syscall_trace_leave (long arg0, long arg
if (success != AUDITSC_SUCCESS)
result = -result;
- audit_syscall_exit(current, success, result);
+ audit_syscall_exit(success, result);
}
if (test_thread_flag(TIF_SYSCALL_TRACE)
diff -urp linux-2.6.16.x86_64.orig/arch/mips/kernel/ptrace.c linux-2.6.16.x86_64/arch/mips/kernel/ptrace.c
--- linux-2.6.16.x86_64.orig/arch/mips/kernel/ptrace.c 2006-03-31 08:31:29.000000000 -0500
+++ linux-2.6.16.x86_64/arch/mips/kernel/ptrace.c 2006-03-31 15:05:49.000000000 -0500
@@ -469,7 +469,7 @@ static inline int audit_arch(void)
asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit)
{
if (unlikely(current->audit_context) && entryexit)
- audit_syscall_exit(current, AUDITSC_RESULT(regs->regs[2]),
+ audit_syscall_exit(AUDITSC_RESULT(regs->regs[2]),
regs->regs[2]);
if (!(current->ptrace & PT_PTRACED))
@@ -493,7 +493,7 @@ asmlinkage void do_syscall_trace(struct
}
out:
if (unlikely(current->audit_context) && !entryexit)
- audit_syscall_entry(current, audit_arch(), regs->regs[2],
+ audit_syscall_entry(audit_arch(), regs->regs[2],
regs->regs[4], regs->regs[5],
regs->regs[6], regs->regs[7]);
}
diff -urp linux-2.6.16.x86_64.orig/arch/powerpc/kernel/ptrace.c linux-2.6.16.x86_64/arch/powerpc/kernel/ptrace.c
--- linux-2.6.16.x86_64.orig/arch/powerpc/kernel/ptrace.c 2006-03-31 08:31:44.000000000 -0500
+++ linux-2.6.16.x86_64/arch/powerpc/kernel/ptrace.c 2006-03-31 15:05:49.000000000 -0500
@@ -538,7 +538,7 @@ void do_syscall_trace_enter(struct pt_re
do_syscall_trace();
if (unlikely(current->audit_context))
- audit_syscall_entry(current,
+ audit_syscall_entry(
#ifdef CONFIG_PPC32
AUDIT_ARCH_PPC,
#else
@@ -556,8 +556,7 @@ void do_syscall_trace_leave(struct pt_re
#endif
if (unlikely(current->audit_context))
- audit_syscall_exit(current,
- (regs->ccr&0x1000)?AUDITSC_FAILURE:AUDITSC_SUCCESS,
+ audit_syscall_exit((regs->ccr&0x1000)?AUDITSC_FAILURE:AUDITSC_SUCCESS,
regs->result);
if ((test_thread_flag(TIF_SYSCALL_TRACE)
diff -urp linux-2.6.16.x86_64.orig/arch/s390/kernel/ptrace.c linux-2.6.16.x86_64/arch/s390/kernel/ptrace.c
--- linux-2.6.16.x86_64.orig/arch/s390/kernel/ptrace.c 2006-03-31 08:31:23.000000000 -0500
+++ linux-2.6.16.x86_64/arch/s390/kernel/ptrace.c 2006-03-31 15:05:49.000000000 -0500
@@ -734,7 +734,7 @@ asmlinkage void
syscall_trace(struct pt_regs *regs, int entryexit)
{
if (unlikely(current->audit_context) && entryexit)
- audit_syscall_exit(current, AUDITSC_RESULT(regs->gprs[2]), regs->gprs[2]);
+ audit_syscall_exit(AUDITSC_RESULT(regs->gprs[2]), regs->gprs[2]);
if (!test_thread_flag(TIF_SYSCALL_TRACE))
goto out;
@@ -761,8 +761,7 @@ syscall_trace(struct pt_regs *regs, int
}
out:
if (unlikely(current->audit_context) && !entryexit)
- audit_syscall_entry(current,
- test_thread_flag(TIF_31BIT)?AUDIT_ARCH_S390:AUDIT_ARCH_S390X,
+ audit_syscall_entry(test_thread_flag(TIF_31BIT)?AUDIT_ARCH_S390:AUDIT_ARCH_S390X,
regs->gprs[2], regs->orig_gpr2, regs->gprs[3],
regs->gprs[4], regs->gprs[5]);
}
diff -urp linux-2.6.16.x86_64.orig/arch/sparc64/kernel/ptrace.c linux-2.6.16.x86_64/arch/sparc64/kernel/ptrace.c
--- linux-2.6.16.x86_64.orig/arch/sparc64/kernel/ptrace.c 2006-03-31 08:31:15.000000000 -0500
+++ linux-2.6.16.x86_64/arch/sparc64/kernel/ptrace.c 2006-03-31 15:05:49.000000000 -0500
@@ -627,7 +627,7 @@ asmlinkage void syscall_trace(struct pt_
if (unlikely(tstate & (TSTATE_XCARRY | TSTATE_ICARRY)))
result = AUDITSC_FAILURE;
- audit_syscall_exit(current, result, regs->u_regs[UREG_I0]);
+ audit_syscall_exit(result, regs->u_regs[UREG_I0]);
}
if (!(current->ptrace & PT_PTRACED))
@@ -651,8 +651,7 @@ asmlinkage void syscall_trace(struct pt_
out:
if (unlikely(current->audit_context) && !syscall_exit_p)
- audit_syscall_entry(current,
- (test_thread_flag(TIF_32BIT) ?
+ audit_syscall_entry((test_thread_flag(TIF_32BIT) ?
AUDIT_ARCH_SPARC :
AUDIT_ARCH_SPARC64),
regs->u_regs[UREG_G1],
Only in linux-2.6.16.x86_64/arch/sparc64/kernel: ptrace.c.orig
diff -urp linux-2.6.16.x86_64.orig/arch/um/kernel/ptrace.c linux-2.6.16.x86_64/arch/um/kernel/ptrace.c
--- linux-2.6.16.x86_64.orig/arch/um/kernel/ptrace.c 2006-03-31 08:31:23.000000000 -0500
+++ linux-2.6.16.x86_64/arch/um/kernel/ptrace.c 2006-03-31 15:05:49.000000000 -0500
@@ -269,15 +269,13 @@ void syscall_trace(union uml_pt_regs *re
if (unlikely(current->audit_context)) {
if (!entryexit)
- audit_syscall_entry(current,
- HOST_AUDIT_ARCH,
+ audit_syscall_entry(HOST_AUDIT_ARCH,
UPT_SYSCALL_NR(regs),
UPT_SYSCALL_ARG1(regs),
UPT_SYSCALL_ARG2(regs),
UPT_SYSCALL_ARG3(regs),
UPT_SYSCALL_ARG4(regs));
- else audit_syscall_exit(current,
- AUDITSC_RESULT(UPT_SYSCALL_RET(regs)),
+ else audit_syscall_exit(AUDITSC_RESULT(UPT_SYSCALL_RET(regs)),
UPT_SYSCALL_RET(regs));
}
diff -urp linux-2.6.16.x86_64.orig/arch/x86_64/kernel/ptrace.c linux-2.6.16.x86_64/arch/x86_64/kernel/ptrace.c
--- linux-2.6.16.x86_64.orig/arch/x86_64/kernel/ptrace.c 2006-03-31 08:31:16.000000000 -0500
+++ linux-2.6.16.x86_64/arch/x86_64/kernel/ptrace.c 2006-03-31 15:05:49.000000000 -0500
@@ -605,12 +605,12 @@ asmlinkage void syscall_trace_enter(stru
if (unlikely(current->audit_context)) {
if (test_thread_flag(TIF_IA32)) {
- audit_syscall_entry(current, AUDIT_ARCH_I386,
+ audit_syscall_entry(AUDIT_ARCH_I386,
regs->orig_rax,
regs->rbx, regs->rcx,
regs->rdx, regs->rsi);
} else {
- audit_syscall_entry(current, AUDIT_ARCH_X86_64,
+ audit_syscall_entry(AUDIT_ARCH_X86_64,
regs->orig_rax,
regs->rdi, regs->rsi,
regs->rdx, regs->r10);
@@ -621,7 +621,7 @@ asmlinkage void syscall_trace_enter(stru
asmlinkage void syscall_trace_leave(struct pt_regs *regs)
{
if (unlikely(current->audit_context))
- audit_syscall_exit(current, AUDITSC_RESULT(regs->rax), regs->rax);
+ audit_syscall_exit(AUDITSC_RESULT(regs->rax), regs->rax);
if ((test_thread_flag(TIF_SYSCALL_TRACE)
|| test_thread_flag(TIF_SINGLESTEP))
diff -urp linux-2.6.16.x86_64.orig/include/linux/audit.h linux-2.6.16.x86_64/include/linux/audit.h
--- linux-2.6.16.x86_64.orig/include/linux/audit.h 2006-03-31 08:32:05.000000000 -0500
+++ linux-2.6.16.x86_64/include/linux/audit.h 2006-03-31 15:05:49.000000000 -0500
@@ -293,10 +293,10 @@ struct netlink_skb_parms;
/* Public API */
extern int audit_alloc(struct task_struct *task);
extern void audit_free(struct task_struct *task);
-extern void audit_syscall_entry(struct task_struct *task, int arch,
+extern void audit_syscall_entry(int arch,
int major, unsigned long a0, unsigned long a1,
unsigned long a2, unsigned long a3);
-extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code);
+extern void audit_syscall_exit(int failed, long return_code);
extern void audit_getname(const char *name);
extern void audit_putname(const char *name);
extern void __audit_inode(const char *name, const struct inode *inode, unsigned flags);
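Review bot: The new prototype names the first parameter `failed` while the definition in kernel/auditsc.c in this same patch, `void audit_syscall_exit(int valid, long return_code)`, calls it `valid`, and the two names have opposite sense; every caller passes an `AUDITSC_RESULT(...)`, `AUDITSC_SUCCESS` or `AUDITSC_FAILURE` code. Use one name in both places, e.g. `extern void audit_syscall_exit(int valid, long return_code);`, so a reader of the header is not led to expect a boolean failure flag. The same header also carries the `#define audit_syscall_exit(f,r)` stub in the next hunk, whose parameter letter follows the prototype.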
@@ -329,8 +329,8 @@ extern int audit_set_macxattr(const char
#else
#define audit_alloc(t) ({ 0; })
#define audit_free(t) do { ; } while (0)
-#define audit_syscall_entry(t,ta,a,b,c,d,e) do { ; } while (0)
-#define audit_syscall_exit(t,f,r) do { ; } while (0)
+#define audit_syscall_entry(ta,a,b,c,d,e) do { ; } while (0)
+#define audit_syscall_exit(f,r) do { ; } while (0)
#define audit_getname(n) do { ; } while (0)
#define audit_putname(n) do { ; } while (0)
#define __audit_inode(n,i,f) do { ; } while (0)
Only in linux-2.6.16.x86_64/include/linux: audit.h.orig
diff -urp linux-2.6.16.x86_64.orig/kernel/auditsc.c linux-2.6.16.x86_64/kernel/auditsc.c
--- linux-2.6.16.x86_64.orig/kernel/auditsc.c 2006-03-31 14:45:14.000000000 -0500
+++ linux-2.6.16.x86_64/kernel/auditsc.c 2006-03-31 15:05:49.000000000 -0500
@@ -373,7 +373,6 @@ static enum audit_state audit_filter_sys
return AUDIT_BUILD_CONTEXT;
}
-/* This should be called with task_lock() held. */
static inline struct audit_context *audit_get_context(struct task_struct *tsk,
int return_valid,
int return_code)
@@ -542,7 +541,7 @@ static inline void audit_free_context(st
printk(KERN_ERR "audit: freed %d contexts\n", count);
}
-static void audit_log_task_context(struct audit_buffer *ab, gfp_t gfp_mask)
+static void audit_log_task_context(struct audit_buffer *ab)
{
char *ctx = NULL;
ssize_t len = 0;
@@ -554,7 +553,7 @@ static void audit_log_task_context(struc
return;
}
- ctx = kmalloc(len, gfp_mask);
+ ctx = kmalloc(len, GFP_KERNEL);
if (!ctx)
goto error_path;
@@ -572,47 +571,46 @@ error_path:
return;
}
-static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk, gfp_t gfp_mask)
+static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
{
char name[sizeof(tsk->comm)];
struct mm_struct *mm = tsk->mm;
struct vm_area_struct *vma;
+ /* tsk == current */
+
get_task_comm(name, tsk);
audit_log_format(ab, " comm=");
audit_log_untrustedstring(ab, name);
- if (!mm)
- return;
-
- /*
- * this is brittle; all callers that pass GFP_ATOMIC will have
- * NULL tsk->mm and we won't get here.
- */
- down_read(&mm->mmap_sem);
- vma = mm->mmap;
- while (vma) {
- if ((vma->vm_flags & VM_EXECUTABLE) &&
- vma->vm_file) {
- audit_log_d_path(ab, "exe=",
- vma->vm_file->f_dentry,
- vma->vm_file->f_vfsmnt);
- break;
+ if (mm) {
+ down_read(&mm->mmap_sem);
+ vma = mm->mmap;
+ while (vma) {
+ if ((vma->vm_flags & VM_EXECUTABLE) &&
+ vma->vm_file) {
+ audit_log_d_path(ab, "exe=",
+ vma->vm_file->f_dentry,
+ vma->vm_file->f_vfsmnt);
+ break;
+ }
+ vma = vma->vm_next;
}
- vma = vma->vm_next;
+ up_read(&mm->mmap_sem);
}
- up_read(&mm->mmap_sem);
- audit_log_task_context(ab, gfp_mask);
+ audit_log_task_context(ab);
}
-static void audit_log_exit(struct audit_context *context, struct task_struct *tsk, gfp_t gfp_mask)
+static void audit_log_exit(struct audit_context *context, struct task_struct *tsk)
{
int i, call_panic = 0;
struct audit_buffer *ab;
struct audit_aux_data *aux;
const char *tty;
- ab = audit_log_start(context, gfp_mask, AUDIT_SYSCALL);
+ /* tsk == current */
+
+ ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL);
if (!ab)
return; /* audit_panic has been called */
audit_log_format(ab, "arch=%x syscall=%d",
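Review bot: The new `/* tsk == current */` comments in audit_log_task_info and audit_log_exit state an invariant the code now depends on — `tsk->mm` is walked under its mmap_sem with no task reference or task_lock held, and the allocations go through GFP_KERNEL — but nothing checks it, and audit_free is still documented further down as being called from copy_process, where `tsk` is the child being torn down rather than current. If that path can never reach here because a fresh context has `in_syscall` clear, say so at the comment; otherwise make the assumption visible at run time with `WARN_ON(tsk != current);` in place of the bare comment in both functions. Both functions continue past the end of the hunk.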
@@ -643,12 +641,12 @@ static void audit_log_exit(struct audit_
context->gid,
context->euid, context->suid, context->fsuid,
context->egid, context->sgid, context->fsgid, tty);
- audit_log_task_info(ab, gfp_mask);
+ audit_log_task_info(ab, tsk);
audit_log_end(ab);
for (aux = context->aux; aux; aux = aux->next) {
- ab = audit_log_start(context, gfp_mask, aux->type);
+ ab = audit_log_start(context, GFP_KERNEL, aux->type);
if (!ab)
continue; /* audit_panic has been called */
@@ -697,7 +695,7 @@ static void audit_log_exit(struct audit_
}
if (context->pwd && context->pwdmnt) {
- ab = audit_log_start(context, gfp_mask, AUDIT_CWD);
+ ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD);
if (ab) {
audit_log_d_path(ab, "cwd=", context->pwd, context->pwdmnt);
audit_log_end(ab);
@@ -707,7 +705,7 @@ static void audit_log_exit(struct audit_
unsigned long ino = context->names[i].ino;
unsigned long pino = context->names[i].pino;
- ab = audit_log_start(context, gfp_mask, AUDIT_PATH);
+ ab = audit_log_start(context, GFP_KERNEL, AUDIT_PATH);
if (!ab)
continue; /* audit_panic has been called */
@@ -756,19 +754,12 @@ static void audit_log_exit(struct audit_
* audit_free - free a per-task audit context
* @tsk: task whose audit context block to free
*
- * Called from copy_process and __put_task_struct.
+ * Called from copy_process and do_exit
*/
void audit_free(struct task_struct *tsk)
{
struct audit_context *context;
- /*
- * No need to lock the task - when we execute audit_free()
- * then the task has no external references anymore, and
- * we are tearing it down. (The locking also confuses
- * DEBUG_LOCKDEP - this freeing may occur in softirq
- * contexts as well, via RCU.)
- */
context = audit_get_context(tsk, 0, 0);
if (likely(!context))
return;
@@ -777,8 +768,9 @@ void audit_free(struct task_struct *tsk)
* function (e.g., exit_group), then free context block.
* We use GFP_ATOMIC here because we might be doing this
* in the context of the idle thread */
+ /* that can happen only if we are called from do_exit() */
if (context->in_syscall && context->auditable)
- audit_log_exit(context, tsk, GFP_ATOMIC);
+ audit_log_exit(context, tsk);
audit_free_context(context);
}
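Review bot: The comment kept at the top of this hunk still says `We use GFP_ATOMIC here because we might be doing this in the context of the idle thread`, but the call it describes is now `audit_log_exit(context, tsk)`, which allocates with GFP_KERNEL unconditionally (see the audit_log_start calls earlier in this patch); the appended line `that can happen only if we are called from do_exit()` does not repair the contradiction. Replace the whole comment with one that states the new precondition, e.g. `/* Called from do_exit() before exit_mm(), so we are in process context and may sleep; tsk->mm is still valid for the exe= record. */`. audit_free's head is in the preceding hunk.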
@@ -801,10 +793,11 @@ void audit_free(struct task_struct *tsk)
* will only be written if another part of the kernel requests that it
* be written).
*/
-void audit_syscall_entry(struct task_struct *tsk, int arch, int major,
+void audit_syscall_entry(int arch, int major,
unsigned long a1, unsigned long a2,
unsigned long a3, unsigned long a4)
{
+ struct task_struct *tsk = current;
struct audit_context *context = tsk->audit_context;
enum audit_state state;
@@ -882,22 +875,18 @@ void audit_syscall_entry(struct task_str
* message), then write out the syscall information. In call cases,
* free the names stored from getname().
*/
-void audit_syscall_exit(struct task_struct *tsk, int valid, long return_code)
+void audit_syscall_exit(int valid, long return_code)
{
+ struct task_struct *tsk = current;
struct audit_context *context;
- get_task_struct(tsk);
- task_lock(tsk);
context = audit_get_context(tsk, valid, return_code);
- task_unlock(tsk);
- /* Not having a context here is ok, since the parent may have
- * called __put_task_struct. */
if (likely(!context))
- goto out;
+ return;
if (context->in_syscall && context->auditable)
- audit_log_exit(context, tsk, GFP_KERNEL);
+ audit_log_exit(context, tsk);
context->in_syscall = 0;
context->auditable = 0;
@@ -912,8 +901,6 @@ void audit_syscall_exit(struct task_stru
audit_free_aux(context);
tsk->audit_context = context;
}
- out:
- put_task_struct(tsk);
}
/**
diff -urp linux-2.6.16.x86_64.orig/kernel/auditsc.c.orig linux-2.6.16.x86_64/kernel/auditsc.c.orig
--- linux-2.6.16.x86_64.orig/kernel/auditsc.c.orig 2006-03-31 14:45:03.000000000 -0500
+++ linux-2.6.16.x86_64/kernel/auditsc.c.orig 2006-03-31 15:05:46.000000000 -0500
@@ -572,13 +572,13 @@ error_path:
return;
}
-static void audit_log_task_info(struct audit_buffer *ab, gfp_t gfp_mask)
+static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk, gfp_t gfp_mask)
{
- char name[sizeof(current->comm)];
- struct mm_struct *mm = current->mm;
+ char name[sizeof(tsk->comm)];
+ struct mm_struct *mm = tsk->mm;
struct vm_area_struct *vma;
- get_task_comm(name, current);
+ get_task_comm(name, tsk);
audit_log_format(ab, " comm=");
audit_log_untrustedstring(ab, name);
@@ -587,7 +587,7 @@ static void audit_log_task_info(struct a
/*
* this is brittle; all callers that pass GFP_ATOMIC will have
- * NULL current->mm and we won't get here.
+ * NULL tsk->mm and we won't get here.
*/
down_read(&mm->mmap_sem);
vma = mm->mmap;
@@ -605,7 +605,7 @@ static void audit_log_task_info(struct a
audit_log_task_context(ab, gfp_mask);
}
-static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
+static void audit_log_exit(struct audit_context *context, struct task_struct *tsk, gfp_t gfp_mask)
{
int i, call_panic = 0;
struct audit_buffer *ab;
@@ -623,8 +623,8 @@ static void audit_log_exit(struct audit_
audit_log_format(ab, " success=%s exit=%ld",
(context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
context->return_code);
- if (current->signal->tty && current->signal->tty->name)
- tty = current->signal->tty->name;
+ if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
+ tty = tsk->signal->tty->name;
else
tty = "(none)";
audit_log_format(ab,
@@ -778,7 +778,7 @@ void audit_free(struct task_struct *tsk)
* We use GFP_ATOMIC here because we might be doing this
* in the context of the idle thread */
if (context->in_syscall && context->auditable)
- audit_log_exit(context, GFP_ATOMIC);
+ audit_log_exit(context, tsk, GFP_ATOMIC);
audit_free_context(context);
}
@@ -897,7 +897,7 @@ void audit_syscall_exit(struct task_stru
goto out;
if (context->in_syscall && context->auditable)
- audit_log_exit(context, GFP_KERNEL);
+ audit_log_exit(context, tsk, GFP_KERNEL);
context->in_syscall = 0;
context->auditable = 0;
diff -urp linux-2.6.16.x86_64.orig/kernel/exit.c linux-2.6.16.x86_64/kernel/exit.c
--- linux-2.6.16.x86_64.orig/kernel/exit.c 2006-03-31 08:32:14.000000000 -0500
+++ linux-2.6.16.x86_64/kernel/exit.c 2006-03-31 15:05:49.000000000 -0500
@@ -859,6 +859,8 @@ fastcall NORET_TYPE void do_exit(long co
current->tux_exit();
}
}
+ if (unlikely(tsk->audit_context))
+ audit_free(tsk);
exit_mm(tsk);
exit_sem(tsk);
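Review bot: The position of this call is load-bearing but undocumented: audit_free is placed before exit_mm(tsk) so that audit_log_task_info can still walk `tsk->mm` for the exe= field, and audit_log_exit allocates with GFP_KERNEL, which is only acceptable because do_exit runs in process context. Add a comment on the new lines, e.g. `/* Must run before exit_mm(): the audit exit record reads tsk->mm and may sleep. */`, so a later reorder of do_exit does not silently drop exe= from exit records. do_exit's body continues past the hunk.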
diff -urp linux-2.6.16.x86_64.orig/kernel/exit.c.orig linux-2.6.16.x86_64/kernel/exit.c.orig
--- linux-2.6.16.x86_64.orig/kernel/exit.c.orig 2006-03-31 08:32:14.000000000 -0500
+++ linux-2.6.16.x86_64/kernel/exit.c.orig 2006-03-31 15:05:46.000000000 -0500
@@ -851,6 +851,13 @@ fastcall NORET_TYPE void do_exit(long co
hrtimer_cancel(&tsk->signal->real_timer);
exit_itimers(tsk->signal);
acct_process(code);
+ if (current->tux_info) {
+#ifdef CONFIG_TUX_DEBUG
+ printk("Possibly unexpected TUX-thread exit(%ld) at %p?\n",
+ code, __builtin_return_address(0));
+#endif
+ current->tux_exit();
+ }
}
exit_mm(tsk);
diff -urp linux-2.6.16.x86_64.orig/kernel/fork.c linux-2.6.16.x86_64/kernel/fork.c
--- linux-2.6.16.x86_64.orig/kernel/fork.c 2006-03-31 08:32:14.000000000 -0500
+++ linux-2.6.16.x86_64/kernel/fork.c 2006-03-31 15:05:49.000000000 -0500
@@ -116,8 +116,6 @@ void __put_task_struct_cb(struct rcu_hea
WARN_ON(atomic_read(&tsk->usage));
WARN_ON(tsk == current);
- if (unlikely(tsk->audit_context))
- audit_free(tsk);
security_task_free(tsk);
free_uid(tsk->user);
put_group_info(tsk->group_info);
linux-2.6-audit-inode-sid.patch:
include/linux/selinux.h | 34 ++++++++++++++++++++++++++++
kernel/auditsc.c | 53 +++++++++++++--------------------------------
security/selinux/exports.c | 24 ++++++++++++++++++++
3 files changed, 74 insertions(+), 37 deletions(-)
--- NEW FILE linux-2.6-audit-inode-sid.patch ---
diff -urp linux-2.6.16.x86_64.orig/include/linux/selinux.h linux-2.6.16.x86_64/include/linux/selinux.h
--- linux-2.6.16.x86_64.orig/include/linux/selinux.h 2006-03-30 12:01:15.000000000 -0500
+++ linux-2.6.16.x86_64/include/linux/selinux.h 2006-03-30 12:04:42.000000000 -0500
@@ -15,6 +15,7 @@
struct selinux_audit_rule;
struct audit_context;
+struct inode;
#ifdef CONFIG_SECURITY_SELINUX
@@ -76,6 +77,27 @@ void selinux_audit_set_callback(int (*ca
*/
void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid);
+/**
+ * selinux_ctxid_to_string - map a security context ID to a string
+ * @ctxid: security context ID to be converted.
+ * @ctx: address of context string to be returned
+ * @ctxlen: length of returned context string.
+ *
+ * Returns 0 if successful, -errno if not. On success, the context
+ * string will be allocated internally, and the caller must call
+ * kfree() on it after use.
+ */
+int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen);
+
+/**
+ * selinux_get_inode_sid - get the inode's security context ID
+ * @inode: inode structure to get the sid from.
+ * @sid: pointer to security context ID to be filled in.
+ *
+ * Returns nothing
+ */
+void selinux_get_inode_sid(const struct inode *inode, u32 *sid);
+
#else
static inline int selinux_audit_rule_init(u32 field, u32 op,
@@ -107,6 +128,18 @@ static inline void selinux_task_ctxid(st
*ctxid = 0;
}
+static inline int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen)
+{
+ *ctx = NULL;
+ *ctxlen = 0;
+ return 0;
+}
+
+static inline void selinux_get_inode_sid(const struct inode *inode, u32 *sid)
+{
+ *sid = 0;
+}
+
#endif /* CONFIG_SECURITY_SELINUX */
#endif /* _LINUX_SELINUX_H */
diff -urp linux-2.6.16.x86_64.orig/kernel/auditsc.c linux-2.6.16.x86_64/kernel/auditsc.c
--- linux-2.6.16.x86_64.orig/kernel/auditsc.c 2006-03-30 12:01:21.000000000 -0500
+++ linux-2.6.16.x86_64/kernel/auditsc.c 2006-03-30 12:06:01.000000000 -0500
@@ -90,7 +90,7 @@ struct audit_names {
uid_t uid;
gid_t gid;
dev_t rdev;
- char *ctx;
+ u32 osid;
};
struct audit_aux_data {
@@ -435,9 +435,6 @@ static inline void audit_free_names(stru
#endif
for (i = 0; i < context->name_count; i++) {
- char *p = context->names[i].ctx;
- context->names[i].ctx = NULL;
- kfree(p);
if (context->names[i].name)
__putname(context->names[i].name);
}
@@ -700,6 +697,7 @@ static void audit_log_exit(struct audit_
}
}
for (i = 0; i < context->name_count; i++) {
+ int call_panic = 0;
unsigned long ino = context->names[i].ino;
unsigned long pino = context->names[i].pino;
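Review bot: The `int call_panic = 0;` added inside the for loop shadows the `call_panic` that audit_log_exit already declares at function scope (`int i, call_panic = 0;` in the audit-exit patch above), so -Wshadow will flag it and, if the outer flag is consulted after the loop, the per-name conversion failure never reaches it; the uses are in the next hunk. Give the per-iteration flag its own name, e.g. `int osid_panic = 0;` here with `osid_panic = 1;` and `if (osid_panic)` in the following hunk, or drop the inner declaration and let the outer flag carry the condition. audit_log_exit continues past both hunks.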
@@ -729,12 +727,22 @@ static void audit_log_exit(struct audit_
context->names[i].gid,
MAJOR(context->names[i].rdev),
MINOR(context->names[i].rdev));
- if (context->names[i].ctx) {
- audit_log_format(ab, " obj=%s",
- context->names[i].ctx);
+ if (context->names[i].osid != 0) {
+ char *ctx = NULL;
+ u32 len;
+ if (selinux_ctxid_to_string(
+ context->names[i].osid, &ctx, &len)) {
+ audit_log_format(ab, " obj=%u",
+ context->names[i].osid);
+ call_panic = 1;
+ } else
+ audit_log_format(ab, " obj=%s", ctx);
+ kfree(ctx);
}
audit_log_end(ab);
+ if (call_panic)
+ audit_panic("error converting sid to string");
}
}
@@ -983,37 +991,8 @@ void audit_putname(const char *name)
void audit_inode_context(int idx, const struct inode *inode)
{
struct audit_context *context = current->audit_context;
- const char *suffix = security_inode_xattr_getsuffix();
- char *ctx = NULL;
- int len = 0;
-
- if (!suffix)
- goto ret;
-
- len = security_inode_getsecurity(inode, suffix, NULL, 0, 0);
- if (len == -EOPNOTSUPP)
- goto ret;
- if (len < 0)
- goto error_path;
-
- ctx = kmalloc(len, GFP_KERNEL);
- if (!ctx)
- goto error_path;
- len = security_inode_getsecurity(inode, suffix, ctx, len, 0);
- if (len < 0)
- goto error_path;
-
- kfree(context->names[idx].ctx);
- context->names[idx].ctx = ctx;
- goto ret;
-
-error_path:
- if (ctx)
- kfree(ctx);
- audit_panic("error in audit_inode_context");
-ret:
- return;
+ selinux_get_inode_sid(inode, &context->names[idx].osid);
}
diff -urp linux-2.6.16.x86_64.orig/security/selinux/exports.c linux-2.6.16.x86_64/security/selinux/exports.c
--- linux-2.6.16.x86_64.orig/security/selinux/exports.c 2006-03-30 12:01:23.000000000 -0500
+++ linux-2.6.16.x86_64/security/selinux/exports.c 2006-03-30 12:05:30.000000000 -0500
@@ -14,6 +14,7 @@
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/selinux.h>
+#include <linux/fs.h>
#include "security.h"
#include "objsec.h"
@@ -26,3 +27,26 @@ void selinux_task_ctxid(struct task_stru
else
*ctxid = 0;
}
+
+int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen)
+{
+ if (selinux_enabled)
+ return security_sid_to_context(ctxid, ctx, ctxlen);
+ else {
+ *ctx = NULL;
+ *ctxlen = 0;
+ }
+
+ return 0;
+}
+
+void selinux_get_inode_sid(const struct inode *inode, u32 *sid)
+{
+ if (selinux_enabled) {
+ struct inode_security_struct *isec = inode->i_security;
+ *sid = isec->sid;
+ return;
+ }
+ *sid = 0;
+}
+
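Review bot: selinux_get_inode_sid dereferences `inode->i_security` without checking it, unlike the selinux_task_ctxid tail just above, which has an explicit `*ctxid = 0` fallback. If an inode can reach the audit path with a NULL i_security (for instance one allocated through a path that skips inode_alloc_security) this oopses inside the audit record writer; `*sid = isec ? isec->sid : 0;` keeps the sid-less case consistent with the task helper and with the `*sid = 0` branch below. The field is also read with no lock held, presumably because the caller pins the inode — worth a one-line comment on the function.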
linux-2.6-audit-ipc-sid.patch:
include/linux/security.h | 16 ----------
include/linux/selinux.h | 15 +++++++++
kernel/auditsc.c | 68 +++++++++++++--------------------------------
security/dummy.c | 6 ---
security/selinux/exports.c | 11 +++++++
security/selinux/hooks.c | 8 -----
6 files changed, 47 insertions(+), 77 deletions(-)
--- NEW FILE linux-2.6-audit-ipc-sid.patch ---
diff -urp linux-2.6.16.x86_64.orig/include/linux/security.h linux-2.6.16.x86_64/include/linux/security.h
--- linux-2.6.16.x86_64.orig/include/linux/security.h 2006-03-31 08:32:05.000000000 -0500
+++ linux-2.6.16.x86_64/include/linux/security.h 2006-03-31 09:58:48.000000000 -0500
@@ -869,11 +869,6 @@ struct swap_info_struct;
* @ipcp contains the kernel IPC permission structure
* @flag contains the desired (requested) permission set
* Return 0 if permission is granted.
- * @ipc_getsecurity:
- * Copy the security label associated with the ipc object into
- * @buffer. @buffer may be NULL to request the size of the buffer
- * required. @size indicates the size of @buffer in bytes. Return
- * number of bytes used/required on success.
*
* Security hooks for individual messages held in System V IPC message queues
* @msg_msg_alloc_security:
@@ -1223,7 +1218,6 @@ struct security_operations {
void (*task_to_inode)(struct task_struct *p, struct inode *inode);
int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag);
- int (*ipc_getsecurity)(struct kern_ipc_perm *ipcp, void *buffer, size_t size);
int (*msg_msg_alloc_security) (struct msg_msg * msg);
void (*msg_msg_free_security) (struct msg_msg * msg);
@@ -1881,11 +1875,6 @@ static inline int security_ipc_permissio
return security_ops->ipc_permission (ipcp, flag);
}
-static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
-{
- return security_ops->ipc_getsecurity(ipcp, buffer, size);
-}
-
static inline int security_msg_msg_alloc (struct msg_msg * msg)
{
return security_ops->msg_msg_alloc_security (msg);
@@ -2521,11 +2510,6 @@ static inline int security_ipc_permissio
return 0;
}
-static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
-{
- return -EOPNOTSUPP;
-}
-
static inline int security_msg_msg_alloc (struct msg_msg * msg)
{
return 0;
diff -urp linux-2.6.16.x86_64.orig/include/linux/selinux.h linux-2.6.16.x86_64/include/linux/selinux.h
--- linux-2.6.16.x86_64.orig/include/linux/selinux.h 2006-03-31 08:32:09.000000000 -0500
+++ linux-2.6.16.x86_64/include/linux/selinux.h 2006-03-31 08:55:33.000000000 -0500
@@ -16,6 +16,7 @@
struct selinux_audit_rule;
struct audit_context;
struct inode;
+struct kern_ipc_perm;
#ifdef CONFIG_SECURITY_SELINUX
@@ -98,6 +99,15 @@ int selinux_ctxid_to_string(u32 ctxid, c
*/
void selinux_get_inode_sid(const struct inode *inode, u32 *sid);
+/**
+ * selinux_get_ipc_sid - get the ipc security context ID
+ * @ipcp: ipc structure to get the sid from.
+ * @sid: pointer to security context ID to be filled in.
+ *
+ * Returns nothing
+ */
+void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid);
+
#else
static inline int selinux_audit_rule_init(u32 field, u32 op,
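Review bot: The kernel-doc for selinux_get_ipc_sid says only "Returns nothing" and never states what is stored in `*sid` when SELinux is not enabled, yet the auditsc.c caller in this same patch branches on `axi->osid != 0` to decide whether an `obj=` field is emitted at all. I would replace that line with ` * Stores the object's SID in @sid, or 0 when SELinux is disabled or not compiled in; callers treat 0 as "no label".` Both the !CONFIG_SECURITY_SELINUX stub further down in this file and the exports.c definition store 0 in those cases, so the wording is backed by the code.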
@@ -141,6 +151,11 @@ static inline void selinux_get_inode_sid
*sid = 0;
}
+static inline void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid)
+{
+ *sid = 0;
+}
+
#endif /* CONFIG_SECURITY_SELINUX */
#endif /* _LINUX_SELINUX_H */
diff -urp linux-2.6.16.x86_64.orig/kernel/auditsc.c linux-2.6.16.x86_64/kernel/auditsc.c
--- linux-2.6.16.x86_64.orig/kernel/auditsc.c 2006-03-31 08:32:14.000000000 -0500
+++ linux-2.6.16.x86_64/kernel/auditsc.c 2006-03-31 08:55:33.000000000 -0500
@@ -107,7 +107,7 @@ struct audit_aux_data_ipcctl {
uid_t uid;
gid_t gid;
mode_t mode;
- char *ctx;
+ u32 osid;
};
struct audit_aux_data_socketcall {
@@ -457,11 +457,6 @@ static inline void audit_free_aux(struct
dput(axi->dentry);
mntput(axi->mnt);
}
- if ( aux->type == AUDIT_IPC ) {
- struct audit_aux_data_ipcctl *axi = (void *)aux;
- if (axi->ctx)
- kfree(axi->ctx);
- }
context->aux = aux->next;
kfree(aux);
@@ -612,7 +607,7 @@ static void audit_log_task_info(struct a
static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
{
- int i;
+ int i, call_panic = 0;
struct audit_buffer *ab;
struct audit_aux_data *aux;
const char *tty;
@@ -661,8 +656,20 @@ static void audit_log_exit(struct audit_
case AUDIT_IPC: {
struct audit_aux_data_ipcctl *axi = (void *)aux;
audit_log_format(ab,
- " qbytes=%lx iuid=%u igid=%u mode=%x obj=%s",
- axi->qbytes, axi->uid, axi->gid, axi->mode, axi->ctx);
+ " qbytes=%lx iuid=%u igid=%u mode=%x",
+ axi->qbytes, axi->uid, axi->gid, axi->mode);
+ if (axi->osid != 0) {
+ char *ctx = NULL;
+ u32 len;
+ if (selinux_ctxid_to_string(
+ axi->osid, &ctx, &len)) {
+ audit_log_format(ab, " obj=%u",
+ axi->osid);
+ call_panic = 1;
+ } else
+ audit_log_format(ab, " obj=%s", ctx);
+ kfree(ctx);
+ }
break; }
case AUDIT_SOCKETCALL: {
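Review bot: The failure branch sets `call_panic = 1` while the names loop later in this function sets `call_panic = 2`, but the only consumer is a single `if (call_panic) audit_panic("error converting sid to string")`, so the two values carry no information and a later name failure simply overwrites the IPC one. Either reduce it to a plain flag, or make the message say which object failed, e.g. `audit_panic(call_panic == 1 ? "error converting ipc sid to string" : "error converting inode sid to string");`. Logging the raw `obj=%u` SID as the fallback is a reasonable choice, and `ctx` is NULL-initialised so the unconditional `kfree(ctx)` is safe on that path. audit_log_exit starts and ends outside this hunk.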
@@ -697,7 +704,6 @@ static void audit_log_exit(struct audit_
}
}
for (i = 0; i < context->name_count; i++) {
- int call_panic = 0;
unsigned long ino = context->names[i].ino;
unsigned long pino = context->names[i].pino;
@@ -734,16 +740,16 @@ static void audit_log_exit(struct audit_
context->names[i].osid, &ctx, &len)) {
audit_log_format(ab, " obj=%u",
context->names[i].osid);
- call_panic = 1;
+ call_panic = 2;
} else
audit_log_format(ab, " obj=%s", ctx);
kfree(ctx);
}
audit_log_end(ab);
- if (call_panic)
- audit_panic("error converting sid to string");
}
+ if (call_panic)
+ audit_panic("error converting sid to string");
}
/**
@@ -988,7 +994,7 @@ void audit_putname(const char *name)
#endif
}
-void audit_inode_context(int idx, const struct inode *inode)
+static void audit_inode_context(int idx, const struct inode *inode)
{
struct audit_context *context = current->audit_context;
@@ -1161,38 +1167,6 @@ uid_t audit_get_loginuid(struct audit_co
return ctx ? ctx->loginuid : -1;
}
-static char *audit_ipc_context(struct kern_ipc_perm *ipcp)
-{
- struct audit_context *context = current->audit_context;
- char *ctx = NULL;
- int len = 0;
-
- if (likely(!context))
- return NULL;
-
- len = security_ipc_getsecurity(ipcp, NULL, 0);
- if (len == -EOPNOTSUPP)
- goto ret;
- if (len < 0)
- goto error_path;
-
- ctx = kmalloc(len, GFP_ATOMIC);
- if (!ctx)
- goto error_path;
-
- len = security_ipc_getsecurity(ipcp, ctx, len);
- if (len < 0)
- goto error_path;
-
- return ctx;
-
-error_path:
- kfree(ctx);
- audit_panic("error in audit_ipc_context");
-ret:
- return NULL;
-}
-
/**
* audit_ipc_perms - record audit data for ipc
* @qbytes: msgq bytes
@@ -1218,7 +1192,7 @@ int audit_ipc_perms(unsigned long qbytes
ax->uid = uid;
ax->gid = gid;
ax->mode = mode;
- ax->ctx = audit_ipc_context(ipcp);
+ selinux_get_ipc_sid(ipcp, &ax->osid);
ax->d.type = AUDIT_IPC;
ax->d.next = context->aux;
diff -urp linux-2.6.16.x86_64.orig/security/dummy.c linux-2.6.16.x86_64/security/dummy.c
--- linux-2.6.16.x86_64.orig/security/dummy.c 2006-03-31 08:32:15.000000000 -0500
+++ linux-2.6.16.x86_64/security/dummy.c 2006-03-31 11:51:09.000000000 -0500
@@ -563,11 +563,6 @@ static int dummy_ipc_permission (struct
return 0;
}
-static int dummy_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
-{
- return -EOPNOTSUPP;
-}
-
static int dummy_msg_msg_alloc_security (struct msg_msg *msg)
{
return 0;
@@ -970,7 +965,6 @@ void security_fixup_ops (struct security
set_to_dummy_if_null(ops, task_reparent_to_init);
set_to_dummy_if_null(ops, task_to_inode);
set_to_dummy_if_null(ops, ipc_permission);
- set_to_dummy_if_null(ops, ipc_getsecurity);
set_to_dummy_if_null(ops, msg_msg_alloc_security);
set_to_dummy_if_null(ops, msg_msg_free_security);
set_to_dummy_if_null(ops, msg_queue_alloc_security);
diff -urp linux-2.6.16.x86_64.orig/security/selinux/exports.c linux-2.6.16.x86_64/security/selinux/exports.c
--- linux-2.6.16.x86_64.orig/security/selinux/exports.c 2006-03-31 08:32:15.000000000 -0500
+++ linux-2.6.16.x86_64/security/selinux/exports.c 2006-03-31 08:55:33.000000000 -0500
@@ -15,6 +15,7 @@
#include <linux/module.h>
#include <linux/selinux.h>
#include <linux/fs.h>
+#include <linux/ipc.h>
#include "security.h"
#include "objsec.h"
@@ -50,3 +51,13 @@ void selinux_get_inode_sid(const struct
*sid = 0;
}
+void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid)
+{
+ if (selinux_enabled) {
+ struct ipc_security_struct *isec = ipcp->security;
+ *sid = isec->sid;
+ return;
+ }
+ *sid = 0;
+}
+
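Review bot: `selinux_get_ipc_sid` dereferences `ipcp->security` with no NULL check, mirroring `selinux_get_inode_sid` just above it, which is only safe if every kern_ipc_perm reaching audit_ipc_perms has had its security blob allocated — presumably the case, since IPC object creation goes through the alloc_security hook, but I would record that precondition in a comment: `/* ipcp->security is set at IPC object creation when SELinux is enabled; no NULL check needed */`. The hunk also appends an empty line at end of file (the final `+` line), which whitespace checkers flag; drop it. No EXPORT_SYMBOL is added; that is fine while the only caller is the built-in audit code, but worth confirming.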
diff -urp linux-2.6.16.x86_64.orig/security/selinux/hooks.c linux-2.6.16.x86_64/security/selinux/hooks.c
--- linux-2.6.16.x86_64.orig/security/selinux/hooks.c 2006-03-31 08:32:15.000000000 -0500
+++ linux-2.6.16.x86_64/security/selinux/hooks.c 2006-03-31 09:58:06.000000000 -0500
@@ -4016,13 +4016,6 @@ static int selinux_ipc_permission(struct
return ipc_has_perm(ipcp, av);
}
-static int selinux_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
-{
- struct ipc_security_struct *isec = ipcp->security;
-
- return selinux_getsecurity(isec->sid, buffer, size);
-}
-
/* module stacking operations */
static int selinux_register_security (const char *name, struct security_operations *ops)
{
@@ -4285,7 +4278,6 @@ static struct security_operations selinu
.task_to_inode = selinux_task_to_inode,
.ipc_permission = selinux_ipc_permission,
- .ipc_getsecurity = selinux_ipc_getsecurity,
.msg_msg_alloc_security = selinux_msg_msg_alloc_security,
.msg_msg_free_security = selinux_msg_msg_free_security,
Index: kernel-2.6.spec
===================================================================
RCS file: /cvs/dist/rpms/kernel/FC-5/kernel-2.6.spec,v
retrieving revision 1.2074.2.2
retrieving revision 1.2074.2.3
diff -u -r1.2074.2.2 -r1.2074.2.3
--- kernel-2.6.spec 27 Mar 2006 15:08:16 -0000 1.2074.2.2
+++ kernel-2.6.spec 31 Mar 2006 21:04:06 -0000 1.2074.2.3
@@ -11,7 +11,7 @@
%define buildxen 0
%define buildxenPAE 0
%define builddoc 0
-%define buildkdump 1
+%define buildkdump 0
# Versions of various parts
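Review bot: The changelog entry added below records only "lspp.15 kernel" and says nothing about `%define buildkdump 0`, which removes the kdump kernel variant from this build. A build-matrix change of that kind should be called out, e.g. `- disable kdump variant build`, so people consuming this branch know why the package set shrank. If the flip is a temporary workaround, a comment next to the define saying so would help the next person who wonders whether to turn it back on.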
@@ -24,7 +24,7 @@
%define sublevel 16
%define kversion 2.6.%{sublevel}
%define rpmversion 2.6.%{sublevel}
-%define rhbsys .lspp.14
+%define rhbsys .lspp.15
%define release %(R="$Revision$"; RR="${R##: }"; echo ${RR%%?})_FC5%{rhbsys}
%define signmodules 0
%define make_target bzImage
@@ -439,6 +439,10 @@
Patch20104: 0003-Inotify-kernel-API.patch
Patch20105: 0004-filesystem-location-based-auditing.patch
Patch20106: linux-2.6-audit-sockaddr.patch
+Patch20107: linux-2.6-audit-inode-sid.patch
+Patch20108: linux-2.6-audit-ipc-sid.patch
+Patch20109: linux-2.6-audit-cur-cleanup.patch
+Patch20110: linux-2.6-audit-exit.patch
# END OF PATCH DEFINITIONS
@@ -1097,6 +1101,10 @@
%patch20104 -p1
%patch20105 -p1
%patch20106 -p1
+%patch20107 -p1
+%patch20108 -p1
+%patch20109 -p1
+%patch20110 -p1
# END OF PATCH APPLICATIONS
@@ -1688,6 +1696,9 @@
%endif
%changelog
+* Fri Mar 31 2006 Steve Grubb <sgrubb at redhat.com>
+- lspp.15 kernel
+
* Mon Mar 27 2006 Steve Grubb <sgrubb at redhat.com>
- lspp.14 kernel