mirror of
https://github.com/Fishwaldo/linux-bl808.git
synced 2025-06-17 20:25:19 +00:00
[PATCH] log more info for directory entry change events
When an audit event involves changes to a directory entry, include
a PATH record for the directory itself. A few other notable changes:
- fixed audit_inode_child() hooks in fsnotify_move()
- removed unused flags arg from audit_inode()
- added audit log routines for logging a portion of a string
Here's some sample output.
before patch:
type=SYSCALL msg=audit(1149821605.320:26): arch=40000003 syscall=39 success=yes exit=0 a0=bf8d3c7c a1=1ff a2=804e1b8 a3=bf8d3c7c items=1 ppid=739 pid=800 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 comm="mkdir" exe="/bin/mkdir" subj=root:system_r:unconfined_t:s0-s0:c0.c255
type=CWD msg=audit(1149821605.320:26): cwd="/root"
type=PATH msg=audit(1149821605.320:26): item=0 name="foo" parent=164068 inode=164010 dev=03:00 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=root:object_r:user_home_t:s0
after patch:
type=SYSCALL msg=audit(1149822032.332:24): arch=40000003 syscall=39 success=yes exit=0 a0=bfdd9c7c a1=1ff a2=804e1b8 a3=bfdd9c7c items=2 ppid=714 pid=777 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 comm="mkdir" exe="/bin/mkdir" subj=root:system_r:unconfined_t:s0-s0:c0.c255
type=CWD msg=audit(1149822032.332:24): cwd="/root"
type=PATH msg=audit(1149822032.332:24): item=0 name="/root" inode=164068 dev=03:00 mode=040750 ouid=0 ogid=0 rdev=00:00 obj=root:object_r:user_home_dir_t:s0
type=PATH msg=audit(1149822032.332:24): item=1 name="foo" inode=164010 dev=03:00 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=root:object_r:user_home_t:s0
Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Amy Griffis
Al Viro
parent
6a2bceec0e
commit
9c937dcc71
9 changed files with 141 additions and 73 deletions
|
|
@ -310,7 +310,7 @@ extern void audit_syscall_entry(int arch,
|
|||
extern void audit_syscall_exit(int failed, long return_code);
|
||||
extern void __audit_getname(const char *name);
|
||||
extern void audit_putname(const char *name);
|
||||
extern void __audit_inode(const char *name, const struct inode *inode, unsigned flags);
|
||||
extern void __audit_inode(const char *name, const struct inode *inode);
|
||||
extern void __audit_inode_child(const char *dname, const struct inode *inode,
|
||||
unsigned long pino);
|
||||
static inline void audit_getname(const char *name)
|
||||
|
|
@ -318,10 +318,9 @@ static inline void audit_getname(const char *name)
|
|||
if (unlikely(current->audit_context))
|
||||
__audit_getname(name);
|
||||
}
|
||||
static inline void audit_inode(const char *name, const struct inode *inode,
|
||||
unsigned flags) {
|
||||
static inline void audit_inode(const char *name, const struct inode *inode) {
|
||||
if (unlikely(current->audit_context))
|
||||
__audit_inode(name, inode, flags);
|
||||
__audit_inode(name, inode);
|
||||
}
|
||||
static inline void audit_inode_child(const char *dname,
|
||||
const struct inode *inode,
|
||||
|
|
@ -398,9 +397,9 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
|
|||
#define audit_syscall_exit(f,r) do { ; } while (0)
|
||||
#define audit_getname(n) do { ; } while (0)
|
||||
#define audit_putname(n) do { ; } while (0)
|
||||
#define __audit_inode(n,i,f) do { ; } while (0)
|
||||
#define __audit_inode(n,i) do { ; } while (0)
|
||||
#define __audit_inode_child(d,i,p) do { ; } while (0)
|
||||
#define audit_inode(n,i,f) do { ; } while (0)
|
||||
#define audit_inode(n,i) do { ; } while (0)
|
||||
#define audit_inode_child(d,i,p) do { ; } while (0)
|
||||
#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
|
||||
#define audit_get_loginuid(c) ({ -1; })
|
||||
|
|
@ -435,6 +434,9 @@ extern void audit_log_hex(struct audit_buffer *ab,
|
|||
size_t len);
|
||||
extern const char * audit_log_untrustedstring(struct audit_buffer *ab,
|
||||
const char *string);
|
||||
extern const char * audit_log_n_untrustedstring(struct audit_buffer *ab,
|
||||
size_t n,
|
||||
const char *string);
|
||||
extern void audit_log_d_path(struct audit_buffer *ab,
|
||||
const char *prefix,
|
||||
struct dentry *dentry,
|
||||
|
|
@ -452,6 +454,7 @@ extern int audit_receive_filter(int type, int pid, int uid, int seq,
|
|||
#define audit_log_end(b) do { ; } while (0)
|
||||
#define audit_log_hex(a,b,l) do { ; } while (0)
|
||||
#define audit_log_untrustedstring(a,s) do { ; } while (0)
|
||||
#define audit_log_n_untrustedstring(a,n,s) do { ; } while (0)
|
||||
#define audit_log_d_path(b,p,d,v) do { ; } while (0)
|
||||
#endif
|
||||
#endif
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue