Updated Rawhide+LSPP kernel available.
Amy Griffis
amy.griffis at hp.com
Tue Jan 10 16:47:34 UTC 2006
David Woodhouse wrote: [Mon Jan 09 2006, 02:33:56PM EST]
> I'm currently uploading a 2.6.15-1.1826.2.8.2.1_FC5.lspp.5 kernel
> package, based on the kernel branch for Fedora Core 5 Test 2, to
> http://david.woodhou.se/lspp/kernel/
>
> This contains only the patches which are currently in my git tree at
> http://git.kernel.org/git/?p=linux/kernel/git/dwmw2/audit-2.6.git -- I'd
> like to send the contents of that tree to Linus now that 2.6.15 is
> released. OK?
>
> This is the changelog:
I'm not sure if this was your intention, but the following changelog
does not match the contents of your git tree. The changelog below
includes patches up to November of last year, while your git tree
contains patches up to Jan 4. I am unsure which set of changes are
intended for the -mm tree.
> commit efe4c9decd99b905e599fde2a00b73e70176d63a
> tree d8402fcd24a44573f6073dc51f79905aa62cc1ee
> parent 73bb3c2ee49e216264db6edd441754598978f43d
> author David Woodhouse <dwmw2 at infradead.org> Fri, 18 Nov 2005 14:43:54 +0000
> committer David Woodhouse <dwmw2 at infradead.org> Fri, 18 Nov 2005 14:43:54 +0000
>
> [AUDIT] Fix IA64 success/failure indication in syscall auditing.
>
> Original 2.6.9 patch and explanation from somewhere within HP via
> bugzilla...
>
> ia64 stores a success/failure code in r10, and the return value (normal
> return, or *positive* errno) in r8. The patch also sets the exit code to
> negative errno if it's a failure result for consistency with other
> architectures.
>
> Signed-off-by: David Woodhouse <dwmw2 at infradead.org>
>
> commit 287b3527d50bcc5fa26acdb4d25b76b9cb503610
> tree 7760273dbe190a1d6702fafa81ca56f34d9be8b5
> parent cf85b1baa8ad2adfe0cf86b05b7913b5f655fa98
> author Dustin Kirkland <dustin.kirkland at us.ibm.com> Wed, 16 Nov 2005 15:53:13 +0000
> committer David Woodhouse <dwmw2 at infradead.org> Wed, 16 Nov 2005 15:53:13 +0000
>
> [AUDIT] Miscellaneous bug and warning fixes
>
> This patch fixes a couple of bugs revealed in new features recently
> added to -mm1:
> * fixes warnings due to inconsistent use of const struct inode *inode
> * fixes bug that prevent a kernel from booting with audit on, and SELinux off
> due to a missing function in security/dummy.c
> * fixes a bug that throws spurious audit_panic() messages due to a missing
> return just before an error_path label
> * some reasonable house cleaning in audit_ipc_context(),
> audit_inode_context(), and audit_log_task_context()
>
> Signed-off-by: Dustin Kirkland <dustin.kirkland at us.ibm.com>
> Signed-off-by: David Woodhouse <dwmw2 at infradead.org>
>
> commit cf85b1baa8ad2adfe0cf86b05b7913b5f655fa98
> tree 8795faf34565dc6643bf4e908d9b01dcbe1d8f10
> parent 251dd82c7124db3fa7b88c4847e6eb25d59621cc
> author Andrew Morton <akpm at osdl.org> Mon, 07 Nov 2005 10:32:39 +0000
> committer David Woodhouse <dwmw2 at infradead.org> Mon, 07 Nov 2005 10:32:39 +0000
>
> [AUDIT] Fix !CONFIG_AUDIT definition of audit_ipc_perms()
>
> It gained an extra argument.
>
> Signed-off-by: Andrew Morton <akpm at osdl.org>
> Signed-off-by: David Woodhouse <dwmw2 at infradead.org>
>
> commit 251dd82c7124db3fa7b88c4847e6eb25d59621cc
> tree fc27f08edcfe1ebf8872ebc31e0fcf2ec8e88bd1
> parent 184d50aa366f710442fe639b058c0d4a593c21fe
> author Andrew Morton <akpm at osdl.org> Mon, 07 Nov 2005 10:31:12 +0000
> committer David Woodhouse <dwmw2 at infradead.org> Mon, 07 Nov 2005 10:31:12 +0000
>
> [AUDIT] Remove superfluous check for kfree(NULL)
>
> Signed-off-by: Andrew Morton <akpm at osdl.org>
> Signed-off-by: David Woodhouse <dwmw2 at infradead.org>
>
> commit 40bfd914033fbb9d8d9dfb34910a0506b5077e8c
> tree 5fd7ca4eb5856064509a63cedb938c97d5d53b66
> parent d0cf88729b22b89af17a747cb30b78c7a914a316
> author Dustin Kirkland <dustin.kirkland at us.ibm.com> Fri, 04 Nov 2005 08:03:53 +0000
> committer David Woodhouse <dwmw2 at infradead.org> Fri, 04 Nov 2005 08:03:53 +0000
>
> [AUDIT] Fix logic error in audit_filter_exclude()
>
> There's supposed to be an implicit AND between all subsequent rules in a
> given filter list. There's supposed to be an implicit OR between all
> subsequent filters of a given type. The way the audit_filter_exclude()
> code currently operates, it forces an implicit AND between all rules in
> all exclude filters. This trivial patch fixes that problem with correct
> logic. If any one of the rules fails in a given list, break out of
> examining that list and move on to the next list. If all rules succeed
> in a given list, return 1.
>
> Signed-off-by: Dustin Kirkland <dustin.kirkland at us.ibm.com>
> Signed-off-by: David Woodhouse <dwmw2 at infradead.org>
>
> commit d0cf88729b22b89af17a747cb30b78c7a914a316
> tree dc882d918c525cf5993d052135f6fd62a84f5616
> parent f39d1c7bcc4e32c10d0815f2dbb7ec0890acd21c
> author Dustin Kirkland <dustin.kirkland at us.ibm.com> Thu, 03 Nov 2005 17:15:16 +0000
> committer David Woodhouse <dwmw2 at infradead.org> Thu, 03 Nov 2005 17:15:16 +0000
>
> [AUDIT] Capture selinux subject/object context information.
>
> This patch extends existing audit records with subject/object context
> information. Audit records associated with filesystem inodes, ipc, and
> tasks now contain SELinux label information in the field "subj" if the
> item is performing the action, or in "obj" if the item is the receiver
> of an action.
>
> These labels are collected via hooks in SELinux and appended to the
> appropriate record in the audit code.
>
> This additional information is required for Common Criteria Labeled
> Security Protection Profile (LSPP).
>
> Signed-off-by: Dustin Kirkland <dustin.kirkland at us.ibm.com>
> Signed-off-by: David Woodhouse <dwmw2 at infradead.org>
>
> commit f39d1c7bcc4e32c10d0815f2dbb7ec0890acd21c
> tree f3e07c498121a63e90a3fbfe5401def695cb800c
> parent eaa82a665dfab434b194ad8018fbebbc084e87c0
> author Dustin Kirkland <dustin.kirkland at us.ibm.com> Thu, 03 Nov 2005 16:12:36 +0000
> committer David Woodhouse <dwmw2 at infradead.org> Thu, 03 Nov 2005 16:12:36 +0000
>
> [AUDIT] Exclude messages by message type
>
> - Add a new, 5th filter called "exclude".
> - And add a new field AUDIT_MSGTYPE.
> - Define a new function audit_filter_exclude() that takes a message type
> as input and examines all rules in the filter. It returns '1' if the
> message is to be excluded, and '0' otherwise.
> - Call the audit_filter_exclude() function near the top of
> audit_log_start() just after asserting audit_initialized. If the
> message type is not to be audited, return NULL very early, before
> doing a lot of work.
>
> Signed-off-by: Dustin Kirkland <dustin.kirkland at us.ibm.com>
> Signed-off-by: David Woodhouse <dwmw2 at infradead.org>
>
> commit eaa82a665dfab434b194ad8018fbebbc084e87c0
> tree a972b384869466f7350e50eeb92ff1eb8ceb5313
> parent 4b1191d552f513aa3b275c821932471ef2152d3d
> author Amy Griffis <amy.griffis at hp.com> Thu, 03 Nov 2005 16:00:25 +0000
> committer David Woodhouse <dwmw2 at infradead.org> Thu, 03 Nov 2005 16:00:25 +0000
>
> [AUDIT] Collect more inode information during syscall processing.
>
> This patch augments the collection of inode info during syscall
> processing. It represents part of the functionality that was provided
> by the auditfs patch included in RHEL4.
>
> Specifically, it:
>
> - Collects information for target inodes created or removed during
> syscalls. Previous code only collects information for the target
> inode's parent.
>
> - Adds the audit_inode() hook to syscalls that operate on a file
> descriptor (e.g. fchown), enabling audit to do inode filtering for
> these calls.
>
> - Modifies filtering code to check audit context for either an inode #
> or a parent inode # matching a given rule.
>
> - Modifies logging to provide inode # for both parent and child.
>
> - Protect debug info from NULL audit_names.name.
>
> Signed-off-by: Amy Griffis <amy.griffis at hp.com>
> Signed-off-by: David Woodhouse <dwmw2 at infradead.org>
>
> commit 4b1191d552f513aa3b275c821932471ef2152d3d
> tree 2b9bb7397f448f1642a8f27df328d58a89cb7701
> parent 5c9dcc2d902dc946cdce8913ad3d7e0e1cdb8cc4
> author Amy Griffis <amy.griffis at hp.com> Thu, 03 Nov 2005 15:57:06 +0000
> committer David Woodhouse <dwmw2 at infradead.org> Thu, 03 Nov 2005 15:57:06 +0000
>
> Pass dentry, not just name, in fsnotify creation hooks.
>
> The audit hooks (to be added shortly) will want to see dentry->d_inode
> too, not just the name.
>
> Signed-off-by: Amy Griffis <amy.griffis at hp.com>
> Signed-off-by: David Woodhouse <dwmw2 at infradead.org>
>
> commit 5c9dcc2d902dc946cdce8913ad3d7e0e1cdb8cc4
> tree 384e054fab107ad40a02c64296895f7697a047be
> parent 8e2705a286ebfbe1ad5f098becab5fd257f7ec81
> author Steve Grubb <sgrubb at redhat.com> Thu, 03 Nov 2005 15:48:08 +0000
> committer David Woodhouse <dwmw2 at infradead.org> Thu, 03 Nov 2005 15:48:08 +0000
>
> [AUDIT] Define new range of userspace messages.
>
> The attached patch updates various items for the new user space
> messages. Please apply.
>
> Signed-off-by: Steve Grubb <sgrubb at redhat.com>
> Signed-off-by: David Woodhouse <dwmw2 at infradead.org>
>
> commit 8e2705a286ebfbe1ad5f098becab5fd257f7ec81
> tree 171c0c268933c7c2f643d68c625c169392eeb7b8
> parent de8c398a7b5f4ce4766f45ae9542bf32d63595be
> author Dustin Kirkland <dustin.kirkland at us.ibm.com> Thu, 03 Nov 2005 15:41:46 +0000
> committer David Woodhouse <dwmw2 at infradead.org> Thu, 03 Nov 2005 15:41:46 +0000
>
> [AUDIT] Filter rule comparators
>
> Currently, audit only supports the "=" and "!=" operators in the -F
> filter rules.
>
> This patch reworks the support for "=" and "!=", and adds support
> for ">", ">=", "<", and "<=".
>
> This turned out to be a pretty clean, and simply process. I ended up
> using the high order bits of the "field", as suggested by Steve and Amy.
> This allowed for no changes whatsoever to the netlink communications.
> See the documentation within the patch in the include/linux/audit.h
> area, where there is a table that explains the reasoning of the bitmask
> assignments clearly.
>
> The patch adds a new function, audit_comparator(left, op, right).
> This function will perform the specified comparison (op, which defaults
> to "==" for backward compatibility) between two values (left and right).
> If the negate bit is on, it will negate whatever that result was. This
> value is returned.
>
> Signed-off-by: Dustin Kirkland <dustin.kirkland at us.ibm.com>
> Signed-off-by: David Woodhouse <dwmw2 at infradead.org>
>
> commit 1cce80e3d890237fc39f244c48d22fe6ed0ea522
> tree 7e26791e7661494fb34076fa1e0c1e6bdc6aa010
> parent c77054e518d9163578cfcad09826d7b959f95ece
> author Randy Dunlap <rdunlap at xenotime.net> Tue, 13 Sep 2005 12:47:11 -0700
> committer David Woodhouse <dwmw2 at baythorne.infradead.org> Mon, 03 Oct 2005 15:50:31 +0100
>
> AUDIT: kerneldoc for kernel/audit*.c
>
> - add kerneldoc for non-static functions;
> - don't init static data to 0;
> - limit lines to < 80 columns;
> - fix long-format style;
> - delete whitespace at end of some lines;
>
> (chrisw: resend and update to current audit-2.6 tree)
>
> Signed-off-by: Randy Dunlap <rdunlap at xenotime.net>
> Signed-off-by: Chris Wright <chrisw at osdl.org>
> Signed-off-by: David Woodhouse <dwmw2 at infradead.org>
>
>
>
> --
> dwmw2
>
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
>
More information about the Linux-audit
mailing list