[PATCH] cleanups + fixes against audit.56
David Woodhouse
dwmw2 at infradead.org
Fri Jun 17 16:41:52 UTC 2005
On Wed, 2005-06-15 at 14:56 -0500, Timothy R. Chavez wrote:
>
> This patch introduces fixes for:
>
> 1. sys_rename() return code debacle
> ->
> as a side effect of removing the error handling from fs/namei.c this bug was
> also removed
>
> 2. leaky memory in auditfs_attach_wdata in failure path
>
> 3. NULL dereference on audit_inode_free()
> ->
> race could occur between the child inode being deleted and the watch being
> removed from parent
>
> This patch adds:
>
> 1. Implicit watc removal message with -1 loginuid
>
> 2. New type, AUDIT_FS_INODE (1308)
> ->
> now that we have watches per inode per record, we collect common inode
> information for the watch on AUDIT_FS_INODE and use AUDIT_FS_WATCH to list
> the watch information
>
> 3. Minor code cleanups (eliminating pointless goto's)
OK, it's built in audit.58 which is in the yum repository now.
> What's left:
>
> 1. Hooking chmod/chown/chgrp and the appropriate ACL calls (Me)
>
> 2. Watch scalability problem (Me)
>
> 3. AUID filtering on USER messages and watches (David)
That's building in audit.59 which will be up there later.
> 4. PATH record woes... add a new token stating "I'm the parent of the file or
> I'm the file"
I'll do that next, along with going through the rest of Steve's bugzilla
items.
--
dwmw2
More information about the Linux-audit
mailing list