提交 6d39b27f 编写于 作者: L Linus Torvalds

Merge git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current

* git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current:
  lsm: Use a compressed IPv6 string format in audit events
  Audit: send signal info if selinux is disabled
  Audit: rearrange audit_context to save 16 bytes per struct
  Audit: reorganize struct audit_watch to save 8 bytes
...@@ -855,18 +855,24 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) ...@@ -855,18 +855,24 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
break; break;
} }
case AUDIT_SIGNAL_INFO: case AUDIT_SIGNAL_INFO:
err = security_secid_to_secctx(audit_sig_sid, &ctx, &len); len = 0;
if (err) if (audit_sig_sid) {
return err; err = security_secid_to_secctx(audit_sig_sid, &ctx, &len);
if (err)
return err;
}
sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL); sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL);
if (!sig_data) { if (!sig_data) {
security_release_secctx(ctx, len); if (audit_sig_sid)
security_release_secctx(ctx, len);
return -ENOMEM; return -ENOMEM;
} }
sig_data->uid = audit_sig_uid; sig_data->uid = audit_sig_uid;
sig_data->pid = audit_sig_pid; sig_data->pid = audit_sig_pid;
memcpy(sig_data->ctx, ctx, len); if (audit_sig_sid) {
security_release_secctx(ctx, len); memcpy(sig_data->ctx, ctx, len);
security_release_secctx(ctx, len);
}
audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_SIGNAL_INFO, audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_SIGNAL_INFO,
0, 0, sig_data, sizeof(*sig_data) + len); 0, 0, sig_data, sizeof(*sig_data) + len);
kfree(sig_data); kfree(sig_data);
......
...@@ -45,8 +45,8 @@ ...@@ -45,8 +45,8 @@
struct audit_watch { struct audit_watch {
atomic_t count; /* reference count */ atomic_t count; /* reference count */
char *path; /* insertion path */
dev_t dev; /* associated superblock device */ dev_t dev; /* associated superblock device */
char *path; /* insertion path */
unsigned long ino; /* associated inode number */ unsigned long ino; /* associated inode number */
struct audit_parent *parent; /* associated parent */ struct audit_parent *parent; /* associated parent */
struct list_head wlist; /* entry in parent->watches list */ struct list_head wlist; /* entry in parent->watches list */
......
...@@ -168,12 +168,12 @@ struct audit_context { ...@@ -168,12 +168,12 @@ struct audit_context {
int in_syscall; /* 1 if task is in a syscall */ int in_syscall; /* 1 if task is in a syscall */
enum audit_state state, current_state; enum audit_state state, current_state;
unsigned int serial; /* serial number for record */ unsigned int serial; /* serial number for record */
struct timespec ctime; /* time of syscall entry */
int major; /* syscall number */ int major; /* syscall number */
struct timespec ctime; /* time of syscall entry */
unsigned long argv[4]; /* syscall arguments */ unsigned long argv[4]; /* syscall arguments */
int return_valid; /* return code is valid */
long return_code;/* syscall return code */ long return_code;/* syscall return code */
u64 prio; u64 prio;
int return_valid; /* return code is valid */
int name_count; int name_count;
struct audit_names names[AUDIT_NAMES]; struct audit_names names[AUDIT_NAMES];
char * filterkey; /* key for rule that triggered record */ char * filterkey; /* key for rule that triggered record */
...@@ -198,8 +198,8 @@ struct audit_context { ...@@ -198,8 +198,8 @@ struct audit_context {
char target_comm[TASK_COMM_LEN]; char target_comm[TASK_COMM_LEN];
struct audit_tree_refs *trees, *first_trees; struct audit_tree_refs *trees, *first_trees;
int tree_count;
struct list_head killed_trees; struct list_head killed_trees;
int tree_count;
int type; int type;
union { union {
......
...@@ -187,7 +187,7 @@ static inline void print_ipv6_addr(struct audit_buffer *ab, ...@@ -187,7 +187,7 @@ static inline void print_ipv6_addr(struct audit_buffer *ab,
char *name1, char *name2) char *name1, char *name2)
{ {
if (!ipv6_addr_any(addr)) if (!ipv6_addr_any(addr))
audit_log_format(ab, " %s=%pI6", name1, addr); audit_log_format(ab, " %s=%pI6c", name1, addr);
if (port) if (port)
audit_log_format(ab, " %s=%d", name2, ntohs(port)); audit_log_format(ab, " %s=%d", name2, ntohs(port));
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册