
Merge tag 'audit-pr-20210426' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit

Pull audit updates from Paul Moore:
"Another small pull request for audit, most of the patches are
documentation updates with only two real code changes: one to fix a
compiler warning for a dummy function/macro, and one to cleanup some
code since we removed the AUDIT_FILTER_ENTRY ages ago (v4.17)"

* tag 'audit-pr-20210426' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
audit: drop /proc/PID/loginuid documentation Format field
audit: avoid -Wempty-body warning
audit: document /proc/PID/sessionid
audit: document /proc/PID/loginuid
MAINTAINERS: update audit files
audit: further cleanup of AUDIT_FILTER_ENTRY deprecation

+39 -13
+27
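--- a/Documentation/ABI/stable/procfs-audit_loginuid
+++ b/Documentation/ABI/stable/procfs-audit_loginuid
@@ -0,0 +1,27 @@
+What: Audit Login UID
+Date: 2005-02-01
+KernelVersion: 2.6.11-rc2 1e2d1492e178 ("[PATCH] audit: handle loginuid through proc")
+Contact: linux-audit@redhat.com
+Users: audit and login applications
+Description:
+The /proc/$pid/loginuid pseudofile is written to set and
+read to get the audit login UID of process $pid as a
+decimal unsigned int (%u, u32). If it is unset,
+permissions are not needed to set it. The accessor must
+have CAP_AUDIT_CONTROL in the initial user namespace to
+write it if it has been set. It cannot be written again
+if AUDIT_FEATURE_LOGINUID_IMMUTABLE is enabled. It
+cannot be unset if AUDIT_FEATURE_ONLY_UNSET_LOGINUID is
+enabled.
+
+What: Audit Login Session ID
+Date: 2008-03-13
+KernelVersion: 2.6.25-rc7 1e0bd7550ea9 ("[PATCH] export sessionid alongside the loginuid in procfs")
+Contact: linux-audit@redhat.com
+Users: audit and login applications
+Description:
+The /proc/$pid/sessionid pseudofile is read to get the
+audit login session ID of process $pid as a decimal
+unsigned int (%u, u32). It is set automatically,
+serially assigned with each new login.
+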
+2
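--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3018,9 +3018,11 @@
 S: Supported
 W: https://github.com/linux-audit
 T: git git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git
+F: include/asm-generic/audit_*.h
 F: include/linux/audit.h
 F: include/uapi/linux/audit.h
 F: kernel/audit*
+F: lib/*audit.c
 
 AUXILIARY DISPLAY DRIVERS
 M: Miguel Ojeda <ojeda@kernel.org>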
+6 -6
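--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -292,8 +292,8 @@
 extern struct list_head *audit_killed_trees(void);
 #else /* CONFIG_AUDITSYSCALL */
 #define auditsc_get_stamp(c, t, s) 0
-#define audit_put_watch(w) {}
-#define audit_get_watch(w) {}
+#define audit_put_watch(w) do { } while (0)
+#define audit_get_watch(w) do { } while (0)
 #define audit_to_watch(k, p, l, o) (-EINVAL)
 #define audit_add_watch(k, l) (-EINVAL)
 #define audit_remove_watch_rule(k) BUG()
@@ -302,8 +302,8 @@
 
 #define audit_alloc_mark(k, p, l) (ERR_PTR(-EINVAL))
 #define audit_mark_path(m) ""
-#define audit_remove_mark(m)
-#define audit_remove_mark_rule(k)
+#define audit_remove_mark(m) do { } while (0)
+#define audit_remove_mark_rule(k) do { } while (0)
 #define audit_mark_compare(m, i, d) 0
 #define audit_exe_compare(t, m) (-EINVAL)
 #define audit_dupe_exe(n, o) (-EINVAL)
@@ -311,8 +311,8 @@
 #define audit_remove_tree_rule(rule) BUG()
 #define audit_add_tree_rule(rule) -EINVAL
 #define audit_make_tree(rule, str, op) -EINVAL
-#define audit_trim_trees() (void)0
-#define audit_put_tree(tree) (void)0
+#define audit_trim_trees() do { } while (0)
+#define audit_put_tree(tree) do { } while (0)
 #define audit_tag_tree(old, new) -EINVAL
 #define audit_tree_path(rule) "" /* never called */
 #define audit_kill_trees(context) BUG()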
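Review bot: The stubs `audit_add_tree_rule(rule)`, `audit_make_tree(rule, str, op)` and `audit_tag_tree(old, new)` in the context lines of the third hunk still expand to a bare `-EINVAL`, while `audit_to_watch` and `audit_add_watch` in the first hunk use `(-EINVAL)`. Parenthesizing them, e.g. `#define audit_add_tree_rule(rule) (-EINVAL)`, would make the stubs consistent and keep the expansion self-contained in any expression. The new `do { } while (0)` stubs, like the ones they replace, never evaluate their arguments, so callers are not type-checked when CONFIG_AUDITSYSCALL is off; empty `static inline` functions would restore that check, provided the argument types are declared in this branch of the header, which the hunks do not show. The `#else` block starts and ends outside the visible lines.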
+4 -7
kernel/auditsc.c
··· 805 805 * (i.e., the state is AUDIT_SETUP_CONTEXT or AUDIT_BUILD_CONTEXT). 806 806 */ 807 807 static void audit_filter_syscall(struct task_struct *tsk, 808 - struct audit_context *ctx, 809 - struct list_head *list) 808 + struct audit_context *ctx) 810 809 { 811 810 struct audit_entry *e; 812 811 enum audit_state state; ··· 814 815 return; 815 816 816 817 rcu_read_lock(); 817 - list_for_each_entry_rcu(e, list, list) { 818 + list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_EXIT], list) { 818 819 if (audit_in_mask(&e->rule, ctx->major) && 819 820 audit_filter_rules(tsk, &e->rule, ctx, NULL, 820 821 &state, false)) { ··· 1626 1627 context->return_valid = AUDITSC_INVALID; 1627 1628 context->return_code = 0; 1628 1629 1629 - audit_filter_syscall(tsk, context, 1630 - &audit_filter_list[AUDIT_FILTER_EXIT]); 1630 + audit_filter_syscall(tsk, context); 1631 1631 audit_filter_inodes(tsk, context); 1632 1632 if (context->current_state == AUDIT_RECORD_CONTEXT) 1633 1633 audit_log_exit(); ··· 1733 1735 else 1734 1736 context->return_code = return_code; 1735 1737 1736 - audit_filter_syscall(current, context, 1737 - &audit_filter_list[AUDIT_FILTER_EXIT]); 1738 + audit_filter_syscall(current, context); 1738 1739 audit_filter_inodes(current, context); 1739 1740 if (context->current_state == AUDIT_RECORD_CONTEXT) 1740 1741 audit_log_exit();
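Review bot: The comment above `audit_filter_syscall()` is only partly visible in the first hunk, and the visible part does not say that the function now always walks `audit_filter_list[AUDIT_FILTER_EXIT]`. If the hidden part still describes filtering at syscall entry, it is stale now that the `list` parameter is gone. A line such as `* Only the AUDIT_FILTER_EXIT list is consulted.` in that comment would record the new contract. Because this walk decides whether `context->current_state` reaches AUDIT_RECORD_CONTEXT and a record is logged at both call sites, the hard-coded list is worth stating. The function body continues outside the hunks shown.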