rpms/kernel/devel audit-git.patch, NONE, 1.1.2.1 linux-2.6-audit-namecount.patch, NONE, 1.1.2.1 kernel-2.6.spec, 1.2693, 1.2693.2.1
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Sun Sep 24 14:46:27 UTC 2006
Author: sgrubb
Update of /cvs/dist/rpms/kernel/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv24487
Modified Files:
Tag: private-lspp-49-branch
kernel-2.6.spec
Added Files:
Tag: private-lspp-49-branch
audit-git.patch linux-2.6-audit-namecount.patch
Log Message:
* Sun Sep 24 2006 Steve Grubb <sgrubb at redhat.com>
- lspp.49 kernel
audit-git.patch:
arch/powerpc/kernel/ptrace.c | 2 +-
include/asm-generic/audit_change_attr.h | 4 ++++
include/asm-generic/audit_dir_write.h | 4 ++++
lib/audit.c | 2 ++
4 files changed, 11 insertions(+), 1 deletion(-)
--- NEW FILE audit-git.patch ---
diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
index dea75d7..cf1d1bc 100644
--- a/arch/powerpc/kernel/ptrace.c
+++ b/arch/powerpc/kernel/ptrace.c
@@ -553,7 +553,7 @@ #ifdef CONFIG_PPC32
#endif
if (unlikely(current->audit_context))
- audit_syscall_exit((regs->ccr&0x1000)?AUDITSC_FAILURE:AUDITSC_SUCCESS,
+ audit_syscall_exit((regs->ccr&0x10000000)?AUDITSC_FAILURE:AUDITSC_SUCCESS,
regs->result);
if ((test_thread_flag(TIF_SYSCALL_TRACE)
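Review bot: The corrected mask `0x10000000` on the `audit_syscall_exit()` line is still a bare magic number, and the old value `0x1000` shows how easily the wrong bit gets tested without anyone noticing. A wrong bit here makes every audit record report the wrong success/failure result, so rules that filter on syscall success would silently miss or over-report events. I would add a comment above the call, `/* CR0[SO] (0x10000000) is set on syscall error return */`, or give the mask a name. The enclosing function starts and ends outside this hunk.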
diff --git a/include/asm-generic/audit_change_attr.h b/include/asm-generic/audit_change_attr.h
index cb05bf6..5076455 100644
--- a/include/asm-generic/audit_change_attr.h
+++ b/include/asm-generic/audit_change_attr.h
@@ -1,16 +1,20 @@
__NR_chmod,
__NR_fchmod,
+#ifdef __NR_chown
__NR_chown,
__NR_fchown,
__NR_lchown,
+#endif
__NR_setxattr,
__NR_lsetxattr,
__NR_fsetxattr,
__NR_removexattr,
__NR_lremovexattr,
__NR_fremovexattr,
+#ifdef __NR_fchownat
__NR_fchownat,
__NR_fchmodat,
+#endif
#ifdef __NR_chown32
__NR_chown32,
__NR_fchown32,
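Review bot: Each added `#ifdef` tests one syscall number but guards several entries: `#ifdef __NR_chown` also covers `__NR_fchown` and `__NR_lchown`, and `#ifdef __NR_fchownat` also covers `__NR_fchmodat`. On an architecture that defines `__NR_fchmodat` but not `__NR_fchownat`, the chmod variant would silently drop out of this audit syscall list, so rules built on the list would presumably not see it. The same pattern is in the audit_dir_write.h hunk, where `#ifdef __NR_mkdirat` guards six `*at` entries. A guard per entry is safer, e.g. `#ifdef __NR_fchmodat` / `__NR_fchmodat,` / `#endif`. The `#ifdef __NR_chown32` block at the end continues past this hunk.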
diff --git a/include/asm-generic/audit_dir_write.h b/include/asm-generic/audit_dir_write.h
index 161a7a5..6621bd8 100644
--- a/include/asm-generic/audit_dir_write.h
+++ b/include/asm-generic/audit_dir_write.h
@@ -1,14 +1,18 @@
__NR_rename,
__NR_mkdir,
__NR_rmdir,
+#ifdef __NR_creat
__NR_creat,
+#endif
__NR_link,
__NR_unlink,
__NR_symlink,
__NR_mknod,
+#ifdef __NR_mkdirat
__NR_mkdirat,
__NR_mknodat,
__NR_unlinkat,
__NR_renameat,
__NR_linkat,
__NR_symlinkat,
+#endif
diff --git a/lib/audit.c b/lib/audit.c
index 8c21625..3b1289f 100644
--- a/lib/audit.c
+++ b/lib/audit.c
@@ -28,8 +28,10 @@ int audit_classify_syscall(int abi, unsi
switch(syscall) {
case __NR_open:
return 2;
+#ifdef __NR_openat
case __NR_openat:
return 3;
+#endif
#ifdef __NR_socketcall
case __NR_socketcall:
return 4;
linux-2.6-audit-namecount.patch:
auditsc.c | 21 +++++++++++++++++++--
1 files changed, 19 insertions(+), 2 deletions(-)
--- NEW FILE linux-2.6-audit-namecount.patch ---
diff -urp linux-2.6.18.x86_64.orig/kernel/auditsc.c linux-2.6.18.x86_64/kernel/auditsc.c
--- linux-2.6.18.x86_64.orig/kernel/auditsc.c 2006-09-24 08:24:27.000000000 -0400
+++ linux-2.6.18.x86_64/kernel/auditsc.c 2006-09-24 08:42:01.000000000 -0400
@@ -1347,7 +1347,13 @@ void __audit_inode_child(const char *dna
}
update_context:
- idx = context->name_count++;
+ idx = context->name_count;
+ if (context->name_count == AUDIT_NAMES) {
+ printk(KERN_DEBUG "name_count maxed and losing %s\n",
+ found_name ?: "(null)");
+ return;
+ }
+ context->name_count++;
#if AUDIT_DEBUG
context->ino_count++;
#endif
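Review bot: When `name_count` reaches `AUDIT_NAMES` the name record is dropped and the only trace is a `printk(KERN_DEBUG ...)`, which most log configurations filter out and which is not rate-limited. Losing audit data is worth surfacing at a higher level and bounding, e.g. `if (printk_ratelimit()) printk(KERN_WARNING "audit: name_count maxed, losing name record\n");`. `found_name` looks like a caller-supplied file name printed raw with `%s`, so embedded control characters could forge or split kernel log lines; omitting it or escaping it would avoid that. The second hunk in this file has the same logging pattern, and the function body continues outside both hunks.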
@@ -1365,7 +1371,18 @@ update_context:
/* A parent was not found in audit_names, so copy the inode data for the
* provided parent. */
if (!found_name) {
- idx = context->name_count++;
+ idx = context->name_count;
+ if (context->name_count == AUDIT_NAMES) {
+ printk(KERN_DEBUG
+ "name_count maxed and losing parent inode data: dev=%02x:%02x rdev=%02x:%02x, inode=%lu",
+ MAJOR(parent->i_sb->s_dev),
+ MINOR(parent->i_sb->s_dev),
+ MAJOR(parent->i_rdev),
+ MINOR(parent->i_rdev),
+ parent->i_ino);
+ return;
+ }
+ context->name_count++;
#if AUDIT_DEBUG
context->ino_count++;
#endif
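Review bot: The format string in the added `printk(KERN_DEBUG ...)` ends at `inode=%lu` with no trailing newline, so this message will run into whatever is logged next; it should end `inode=%lu\n"`. The guard also uses `context->name_count == AUDIT_NAMES`; if `idx` indexes an `AUDIT_NAMES`-sized array (not visible here), `>=` would be the more defensive comparison should the counter ever pass the limit by another path. The enclosing function continues outside this hunk.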
Index: kernel-2.6.spec
===================================================================
RCS file: /cvs/dist/rpms/kernel/devel/kernel-2.6.spec,v
retrieving revision 1.2693
retrieving revision 1.2693.2.1
diff -u -r1.2693 -r1.2693.2.1
--- kernel-2.6.spec 22 Sep 2006 21:55:40 -0000 1.2693
+++ kernel-2.6.spec 24 Sep 2006 14:46:24 -0000 1.2693.2.1
@@ -10,10 +10,10 @@
# Whether to apply the Xen patches, leave this enabled.
%define includexen 1
# Whether to build the Xen kernels, disable if you want.
-%define buildxen 1
+%define buildxen 0
%define builddoc 0
-%define buildkdump 1
-%define buildheaders 1
+%define buildkdump 0
+%define buildheaders 0
# Versions of various parts
@@ -32,7 +32,8 @@
%define sublevel 18
%define kversion 2.6.%{sublevel}
%define rpmversion 2.6.%{sublevel}
-%define release %(R="$Revision$"; RR="${R##: }"; echo ${RR%%?})%{?dist}
+%define tag .lspp.49
+%define release %(R="$Revision$"; RR="${R##: }"; echo ${RR%%?})%{?dist}%tag
%define signmodules 0
%define xen_hv_cset 11540
%define make_target bzImage
@@ -531,6 +532,10 @@
# Xen hypervisor patches (20000+)
Patch20000: xen-printf-rate-limit.patch
+#audit patches
+Patch20100: audit-git.patch
+Patch20101: linux-2.6-audit-namecount.patch
+
# END OF PATCH DEFINITIONS
BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -836,7 +841,7 @@
# Fix visibility of ptrace operations on 32-bit userspace
%patch305 -p1
# Fix checking for syscall success/failure
-%patch306 -p1
+#%patch306 -p1
# Fix SECCOMP for ppc32
%patch307 -p1
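Review bot: `%patch306` is disabled here with no stated reason while its description "Fix checking for syscall success/failure" is left in place, and `%patch1803` is disabled the same way in the next hunk. Presumably patch306 is superseded by the ptrace.c change carried in audit-git.patch, but the spec should say so, e.g. `# patch306 superseded by audit-git.patch (Patch20100)`, and give a reason for 1803 as well. Since rpm can still expand macros on comment lines, the usual way to disable one is `#%%patch306 -p1`.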
@@ -1076,7 +1081,7 @@
%patch1801 -p1
# Add support for SELinux range transitions
%patch1802 -p1
-%patch1803 -p1
+#%patch1803 -p1
# Warn about obsolete functionality usage.
%patch1900 -p1
@@ -1140,6 +1145,10 @@
#
%patch10000 -p1
+# Apply audit patches
+%patch20100 -p1
+%patch20101 -p1
+
%if 0%{?rhel}
#add in support for x86 and x86_64 relocatable kernels
%patch210 -p1
@@ -1917,6 +1926,9 @@
%endif
%changelog
+* Sun Sep 24 2006 Steve Grubb <sgrubb at redhat.com>
+- lspp.49 kernel
+
* Fri Sep 22 2006 David Woodhouse <dwmw2 at redhat.com>
- Fix PowerPC audit syscall success/failure check (#204927)
- Remove offsetof() from <linux/stddef.h> (#207569)