Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
cloud-kernel
提交
e1396065
cloud-kernel
项目概览
openanolis
/
cloud-kernel
大约 1 年 前同步成功
通知
158
Star
36
Fork
7
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
10
列表
看板
标记
里程碑
合并请求
2
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
cloud-kernel
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
10
Issue
10
列表
看板
标记
里程碑
合并请求
2
合并请求
2
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
e1396065
编写于
5月 25, 2006
作者:
A
Al Viro
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
[PATCH] collect sid of those who send signals to auditd
Signed-off-by:
N
Al Viro
<
viro@zeniv.linux.org.uk
>
上级
473ae30b
变更
5
隐藏空白更改
内联
并排
Showing
5 changed file
with
45 addition
and
25 deletion
+45
-25
include/linux/audit.h
include/linux/audit.h
+1
-2
kernel/audit.c
kernel/audit.c
+20
-11
kernel/audit.h
kernel/audit.h
+11
-0
kernel/auditsc.c
kernel/auditsc.c
+12
-11
kernel/signal.c
kernel/signal.c
+1
-1
未找到文件。
include/linux/audit.h
浏览文件 @
e1396065
...
...
@@ -278,6 +278,7 @@ struct audit_rule { /* for AUDIT_LIST, AUDIT_ADD, and AUDIT_DEL */
struct
audit_sig_info
{
uid_t
uid
;
pid_t
pid
;
char
ctx
[
0
];
};
struct
audit_buffer
;
...
...
@@ -328,7 +329,6 @@ extern int audit_bprm(struct linux_binprm *bprm);
extern
int
audit_socketcall
(
int
nargs
,
unsigned
long
*
args
);
extern
int
audit_sockaddr
(
int
len
,
void
*
addr
);
extern
int
audit_avc_path
(
struct
dentry
*
dentry
,
struct
vfsmount
*
mnt
);
extern
void
audit_signal_info
(
int
sig
,
struct
task_struct
*
t
);
extern
int
audit_set_macxattr
(
const
char
*
name
);
#else
#define audit_alloc(t) ({ 0; })
...
...
@@ -349,7 +349,6 @@ extern int audit_set_macxattr(const char *name);
#define audit_socketcall(n,a) ({ 0; })
#define audit_sockaddr(len, addr) ({ 0; })
#define audit_avc_path(dentry, mnt) ({ 0; })
#define audit_signal_info(s,t) do { ; } while (0)
#define audit_set_macxattr(n) do { ; } while (0)
#endif
...
...
kernel/audit.c
浏览文件 @
e1396065
...
...
@@ -89,6 +89,7 @@ static int audit_backlog_wait_overflow = 0;
/* The identity of the user shutting down the audit system. */
uid_t
audit_sig_uid
=
-
1
;
pid_t
audit_sig_pid
=
-
1
;
u32
audit_sig_sid
=
0
;
/* Records can be lost in several ways:
0) [suppressed in audit_alloc]
...
...
@@ -479,7 +480,9 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
struct
audit_buffer
*
ab
;
u16
msg_type
=
nlh
->
nlmsg_type
;
uid_t
loginuid
;
/* loginuid of sender */
struct
audit_sig_info
sig_data
;
struct
audit_sig_info
*
sig_data
;
char
*
ctx
;
u32
len
;
err
=
audit_netlink_ok
(
NETLINK_CB
(
skb
).
eff_cap
,
msg_type
);
if
(
err
)
...
...
@@ -531,12 +534,9 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
if
(
status_get
->
mask
&
AUDIT_STATUS_PID
)
{
int
old
=
audit_pid
;
if
(
sid
)
{
char
*
ctx
=
NULL
;
u32
len
;
int
rc
;
if
((
rc
=
selinux_ctxid_to_string
(
if
((
err
=
selinux_ctxid_to_string
(
sid
,
&
ctx
,
&
len
)))
return
rc
;
return
err
;
else
audit_log
(
NULL
,
GFP_KERNEL
,
AUDIT_CONFIG_CHANGE
,
...
...
@@ -572,8 +572,6 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
"user pid=%d uid=%u auid=%u"
,
pid
,
uid
,
loginuid
);
if
(
sid
)
{
char
*
ctx
=
NULL
;
u32
len
;
if
(
selinux_ctxid_to_string
(
sid
,
&
ctx
,
&
len
))
{
audit_log_format
(
ab
,
...
...
@@ -612,10 +610,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
loginuid
,
sid
);
break
;
case
AUDIT_SIGNAL_INFO
:
sig_data
.
uid
=
audit_sig_uid
;
sig_data
.
pid
=
audit_sig_pid
;
err
=
selinux_ctxid_to_string
(
audit_sig_sid
,
&
ctx
,
&
len
);
if
(
err
)
return
err
;
sig_data
=
kmalloc
(
sizeof
(
*
sig_data
)
+
len
,
GFP_KERNEL
);
if
(
!
sig_data
)
{
kfree
(
ctx
);
return
-
ENOMEM
;
}
sig_data
->
uid
=
audit_sig_uid
;
sig_data
->
pid
=
audit_sig_pid
;
memcpy
(
sig_data
->
ctx
,
ctx
,
len
);
kfree
(
ctx
);
audit_send_reply
(
NETLINK_CB
(
skb
).
pid
,
seq
,
AUDIT_SIGNAL_INFO
,
0
,
0
,
&
sig_data
,
sizeof
(
sig_data
));
0
,
0
,
sig_data
,
sizeof
(
*
sig_data
)
+
len
);
kfree
(
sig_data
);
break
;
default:
err
=
-
EINVAL
;
...
...
kernel/audit.h
浏览文件 @
e1396065
...
...
@@ -101,3 +101,14 @@ struct audit_netlink_list {
int
audit_send_list
(
void
*
);
extern
int
selinux_audit_rule_update
(
void
);
#ifdef CONFIG_AUDITSYSCALL
extern
void
__audit_signal_info
(
int
sig
,
struct
task_struct
*
t
);
static
inline
void
audit_signal_info
(
int
sig
,
struct
task_struct
*
t
)
{
if
(
unlikely
(
audit_pid
&&
t
->
tgid
==
audit_pid
))
__audit_signal_info
(
sig
,
t
);
}
#else
#define audit_signal_info(s,t)
#endif
kernel/auditsc.c
浏览文件 @
e1396065
...
...
@@ -1376,19 +1376,20 @@ int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt)
* If the audit subsystem is being terminated, record the task (pid)
* and uid that is doing that.
*/
void
audit_signal_info
(
int
sig
,
struct
task_struct
*
t
)
void
__
audit_signal_info
(
int
sig
,
struct
task_struct
*
t
)
{
extern
pid_t
audit_sig_pid
;
extern
uid_t
audit_sig_uid
;
if
(
unlikely
(
audit_pid
&&
t
->
tgid
==
audit_pid
))
{
if
(
sig
==
SIGTERM
||
sig
==
SIGHUP
)
{
struct
audit_context
*
ctx
=
current
->
audit_context
;
audit_sig_pid
=
current
->
pid
;
if
(
ctx
)
audit_sig_uid
=
ctx
->
loginuid
;
else
audit_sig_uid
=
current
->
uid
;
}
extern
u32
audit_sig_sid
;
if
(
sig
==
SIGTERM
||
sig
==
SIGHUP
||
sig
==
SIGUSR1
)
{
struct
task_struct
*
tsk
=
current
;
struct
audit_context
*
ctx
=
tsk
->
audit_context
;
audit_sig_pid
=
tsk
->
pid
;
if
(
ctx
)
audit_sig_uid
=
ctx
->
loginuid
;
else
audit_sig_uid
=
tsk
->
uid
;
selinux_get_task_sid
(
tsk
,
&
audit_sig_sid
);
}
}
kernel/signal.c
浏览文件 @
e1396065
...
...
@@ -23,12 +23,12 @@
#include <linux/syscalls.h>
#include <linux/ptrace.h>
#include <linux/signal.h>
#include <linux/audit.h>
#include <linux/capability.h>
#include <asm/param.h>
#include <asm/uaccess.h>
#include <asm/unistd.h>
#include <asm/siginfo.h>
#include "audit.h"
/* audit_signal_info() */
/*
* SLAB caches for signal bits.
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录