[PATCH v3 0/4] audit(userspace): Improve arm/aarch64 support

AKASHI Takahiro takahiro.akashi at linaro.org
Mon Feb 3 06:57:57 UTC 2014 

On ARM, endianness doesn't make any differences on auditing.
See the discussion below:
  http://permalink.gmane.org/gmane.linux.ports.arm.kernel/165266
In this version, mistakenly used "ARMEB" and "armeb" are substituted
with "ARM" and "arm" respectively in Patches [1,2/4].

patch [3/4] adds more system call definitions for aarch64 (or arm64 in
kernel) that are missing in the current implementation.
  https://www.redhat.com/archives/linux-audit/2013-November/msg00082.html

Patch [4/4] enables auditing 32-bit tasks (ie. auditctl -F arch=b32).

This code replies on my kernel patch for aarch64 support, and
was tested on armv8 fast model with 32-bit/64-bit userland:
1) basic operations with auditctl/autrace
  # auditctl -a exit,always -S openat -F path=/etc/inittab
  # auditctl -a exit,always -F dir=/tmp -F perm=rw
  # auditctl -a task,always
  # autrace /bin/ls
    by comparing output from autrace with one from strace

2) audit-test-code (+ my workarounds for arm/arm64)
  by running "audit-tool", "filter" and "syscalls" test categories.

Changes v2 -> v3:
* The previous [2/3] patch was replaced by [1,2/4] due to the reason above
* remove a ARMEB-related conditional from [4/4]

AKASHI Takahiro (4):
  audit(userspace): Rename ARMEB to ARM
  audit(userspace): Rename armeb to arm
  audit(userspace): Add missing syscalls for AArch64
  audit(userspace): Add compat system call support for AArch64

 arm_table.h                 |  365 +++++++++++++++++++++++++++++++++++++++++++
 config.guess                |    1 -
 config.h.in                 |    2 +-
 config.sub                  |    2 +-
 configure                   |   38 ++---
 configure.ac                |   16 +-
 lib/Makefile.am             |   14 +-
 lib/Makefile.in             |   62 ++++----
 lib/aarch64_table.h         |   17 +-
 lib/armeb_table.h           |  365 -------------------------------------------
 lib/libaudit.c              |    7 +-
 lib/libaudit.h              |    2 +-
 lib/lookup_table.c          |   20 +--
 lib/machinetab.h            |   13 +-
 lib/test/lookup_test.c      |   16 +-
 swig/audit.py               |    2 +-
 tools/ausyscall/ausyscall.c |    4 +-
 17 files changed, 480 insertions(+), 466 deletions(-)
 create mode 100644 arm_table.h
 delete mode 100644 lib/armeb_table.h

-- 
1.7.9.5

More information about the Linux-audit mailing list