author | Paul Gortmaker <paul.gortmaker@windriver.com> | 2018-07-04 10:11:36 -0400 |
---|---|---|
committer | Paul Gortmaker <paul.gortmaker@windriver.com> | 2018-07-04 10:11:36 -0400 |
commit | 4555e330dad62f5fb15dc78409d6ca81875d16ec (patch) | |
tree | 6d0c08106ece604b151947d5c4ed78ffd78727ac | |
parent | 302992b7e2baa8c9e1f3786b5c5f0e5db62e53e2 (diff) | |
audit: drop already applied patches
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
-rw-r--r-- | queue/audit-Allow-auditd-to-set-pid-to-0-to-end-auditing.patch | 65 | ||||
-rw-r--r-- | queue/audit-ensure-that-audit-1-actually-enables-audit-for.patch | 61 | ||||
-rw-r--r-- | queue/series | 4 |
3 files changed, 0 insertions, 130 deletions
diff --git a/queue/audit-Allow-auditd-to-set-pid-to-0-to-end-auditing.patch b/queue/audit-Allow-auditd-to-set-pid-to-0-to-end-auditing.patch
deleted file mode 100644
index 7ea2842..0000000
--- a/queue/audit-Allow-auditd-to-set-pid-to-0-to-end-auditing.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 33e8a907804428109ce1d12301c3365d619cc4df Mon Sep 17 00:00:00 2001
-From: Steve Grubb <sgrubb@redhat.com>
-Date: Tue, 17 Oct 2017 18:29:22 -0400
-Subject: [PATCH] audit: Allow auditd to set pid to 0 to end auditing
-
-commit 33e8a907804428109ce1d12301c3365d619cc4df upstream.
-
-The API to end auditing has historically been for auditd to set the
-pid to 0. This patch restores that functionality.
-
-See: https://github.com/linux-audit/audit-kernel/issues/69
-
-Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
-Signed-off-by: Steve Grubb <sgrubb@redhat.com>
-Signed-off-by: Paul Moore <paul@paul-moore.com>
-
-diff --git a/kernel/audit.c b/kernel/audit.c
-index 67b3863261d4..64e1d0ec19de 100644
---- a/kernel/audit.c
-+++ b/kernel/audit.c
-@@ -1197,25 +1197,28 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
- pid_t auditd_pid;
- struct pid *req_pid = task_tgid(current);
- 
-- /* sanity check - PID values must match */
-- if (new_pid != pid_vnr(req_pid))
-+ /* Sanity check - PID values must match. Setting
-+ * pid to 0 is how auditd ends auditing. */
-+ if (new_pid && (new_pid != pid_vnr(req_pid)))
- return -EINVAL;
- 
- /* test the auditd connection */
- audit_replace(req_pid);
- 
- auditd_pid = auditd_pid_vnr();
-- /* only the current auditd can unregister itself */
-- if ((!new_pid) && (new_pid != auditd_pid)) {
-- audit_log_config_change("audit_pid", new_pid,
-- auditd_pid, 0);
-- return -EACCES;
-- }
-- /* replacing a healthy auditd is not allowed */
-- if (auditd_pid && new_pid) {
-- audit_log_config_change("audit_pid", new_pid,
-- auditd_pid, 0);
-- return -EEXIST;
-+ if (auditd_pid) {
-+ /* replacing a healthy auditd is not allowed */
-+ if (new_pid) {
-+ audit_log_config_change("audit_pid",
-+ new_pid, auditd_pid, 0);
-+ return -EEXIST;
-+ }
-+ /* only current auditd can unregister itself */
-+ if (pid_vnr(req_pid) != auditd_pid) {
-+ audit_log_config_change("audit_pid",
-+ new_pid, auditd_pid, 0);
-+ return -EACCES;
-+ }
- }
- 
- if (new_pid) {
---
-2.15.0
-
diff --git a/queue/audit-ensure-that-audit-1-actually-enables-audit-for.patch b/queue/audit-ensure-that-audit-1-actually-enables-audit-for.patch
deleted file mode 100644
index 1d78369..0000000
--- a/queue/audit-ensure-that-audit-1-actually-enables-audit-for.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 173743dd99a49c956b124a74c8aacb0384739a4c Mon Sep 17 00:00:00 2001
-From: Paul Moore <paul@paul-moore.com>
-Date: Fri, 1 Sep 2017 09:44:34 -0400
-Subject: [PATCH] audit: ensure that 'audit=1' actually enables audit for PID 1
-
-commit 173743dd99a49c956b124a74c8aacb0384739a4c upstream.
-
-Prior to this patch we enabled audit in audit_init(), which is too
-late for PID 1 as the standard initcalls are run after the PID 1 task
-is forked. This means that we never allocate an audit_context (see
-audit_alloc()) for PID 1 and therefore miss a lot of audit events
-generated by PID 1.
-
-This patch enables audit as early as possible to help ensure that when
-PID 1 is forked it can allocate an audit_context if required.
-
-Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
-Signed-off-by: Paul Moore <paul@paul-moore.com>
-
-diff --git a/kernel/audit.c b/kernel/audit.c
-index be1c28fd4d57..ec3d0802734d 100644
---- a/kernel/audit.c
-+++ b/kernel/audit.c
-@@ -85,13 +85,13 @@ static int audit_initialized;
- #define AUDIT_OFF 0
- #define AUDIT_ON 1
- #define AUDIT_LOCKED 2
--u32 audit_enabled;
--u32 audit_ever_enabled;
-+u32 audit_enabled = AUDIT_OFF;
-+u32 audit_ever_enabled = !!AUDIT_OFF;
- 
- EXPORT_SYMBOL_GPL(audit_enabled);
- 
- /* Default state when kernel boots without any parameters. */
--static u32 audit_default;
-+static u32 audit_default = AUDIT_OFF;
- 
- /* If auditing cannot proceed, audit_failure selects what happens. */
- static u32 audit_failure = AUDIT_FAIL_PRINTK;
-@@ -1549,8 +1549,6 @@ static int __init audit_init(void)
- register_pernet_subsys(&audit_net_ops);
- 
- audit_initialized = AUDIT_INITIALIZED;
-- audit_enabled = audit_default;
-- audit_ever_enabled |= !!audit_default;
- 
- kauditd_task = kthread_run(kauditd_thread, NULL, "kauditd");
- if (IS_ERR(kauditd_task)) {
-@@ -1572,6 +1570,8 @@ static int __init audit_enable(char *str)
- audit_default = !!simple_strtol(str, NULL, 0);
- if (!audit_default)
- audit_initialized = AUDIT_DISABLED;
-+ audit_enabled = audit_default;
-+ audit_ever_enabled = !!audit_enabled;
- 
- pr_info("%s\n", audit_default ?
- "enabled (after initialization)" : "disabled (until reboot)");
---
-2.15.0
-
diff --git a/queue/series b/queue/series
index e9cc948..7015a8a 100644
--- a/queue/series
+++ b/queue/series
@@ -100,16 +100,12 @@ powerpc-powernv-idle-Round-up-latency-and-residency-.patch
 ipvlan-fix-ipv6-outbound-device.patch
 ide-ide-atapi-fix-compile-error-with-defining-macro-.patch
 blk-mq-Avoid-that-request-queue-removal-can-trigger-.patch
-audit-Allow-auditd-to-set-pid-to-0-to-end-auditing.patch
-audit-ensure-that-audit-1-actually-enables-audit-for.patch
 dm-raid-fix-panic-when-attempting-to-force-a-raid-to.patch
 md-free-unused-memory-after-bitmap-resize.patch
 RDMA-cxgb4-Annotate-r2-and-stag-as-__be32.patch
 fix-kcm_clone.patch
 ipmi-Stop-timers-before-cleaning-up-the-module.patch
 usb-gadget-ffs-Forbid-usb_ep_alloc_request-from-slee.patch
-audit-Allow-auditd-to-set-pid-to-0-to-end-auditing.patch
-audit-ensure-that-audit-1-actually-enables-audit-for.patch
 blk-mq-Avoid-that-request-queue-removal-can-trigger-.patch
 dm-raid-fix-panic-when-attempting-to-force-a-raid-to.patch
 ide-ide-atapi-fix-compile-error-with-defining-macro-.patch |