Merge branch 'audit.b3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* 'audit.b3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: (22 commits) [PATCH] fix audit_init failure path [PATCH] EXPORT_SYMBOL patch for audit_log, audit_log_start, audit_log_end and audit_format [PATCH] sem2mutex: audit_netlink_sem [PATCH] simplify audit_free() locking [PATCH] Fix audit operators [PATCH] promiscuous mode [PATCH] Add tty to syscall audit records [PATCH] add/remove rule update [PATCH] audit string fields interface + consumer [PATCH] SE Linux audit events [PATCH] Minor cosmetic cleanups to the code moved into auditfilter.c [PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALL [PATCH] Fix IA64 success/failure indication in syscall auditing. [PATCH] Miscellaneous bug and warning fixes [PATCH] Capture selinux subject/object context information. [PATCH] Exclude messages by message type [PATCH] Collect more inode information during syscall processing. [PATCH] Pass dentry, not just name, in fsnotify creation hooks. [PATCH] Define new range of userspace messages. [PATCH] Filter rule comparators ... Fixed trivial conflict in security/selinux/hooks.c
This commit is contained in:
Linus Torvalds
11
fs/namei.c
11
fs/namei.c
@@ -1353,6 +1353,7 @@ static int may_delete(struct inode *dir,struct dentry *victim,int isdir)
|
||||
return -ENOENT;
|
||||
|
||||
BUG_ON(victim->d_parent->d_inode != dir);
|
||||
audit_inode_child(victim->d_name.name, victim->d_inode, dir->i_ino);
|
||||
|
||||
error = permission(dir,MAY_WRITE | MAY_EXEC, NULL);
|
||||
if (error)
|
||||
@@ -1472,7 +1473,7 @@ int vfs_create(struct inode *dir, struct dentry *dentry, int mode,
|
||||
DQUOT_INIT(dir);
|
||||
error = dir->i_op->create(dir, dentry, mode, nd);
|
||||
if (!error)
|
||||
fsnotify_create(dir, dentry->d_name.name);
|
||||
fsnotify_create(dir, dentry);
|
||||
return error;
|
||||
}
|
||||
|
||||
@@ -1799,7 +1800,7 @@ int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
|
||||
DQUOT_INIT(dir);
|
||||
error = dir->i_op->mknod(dir, dentry, mode, dev);
|
||||
if (!error)
|
||||
fsnotify_create(dir, dentry->d_name.name);
|
||||
fsnotify_create(dir, dentry);
|
||||
return error;
|
||||
}
|
||||
|
||||
@@ -1876,7 +1877,7 @@ int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
|
||||
DQUOT_INIT(dir);
|
||||
error = dir->i_op->mkdir(dir, dentry, mode);
|
||||
if (!error)
|
||||
fsnotify_mkdir(dir, dentry->d_name.name);
|
||||
fsnotify_mkdir(dir, dentry);
|
||||
return error;
|
||||
}
|
||||
|
||||
@@ -2139,7 +2140,7 @@ int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname, i
|
||||
DQUOT_INIT(dir);
|
||||
error = dir->i_op->symlink(dir, dentry, oldname);
|
||||
if (!error)
|
||||
fsnotify_create(dir, dentry->d_name.name);
|
||||
fsnotify_create(dir, dentry);
|
||||
return error;
|
||||
}
|
||||
|
||||
@@ -2216,7 +2217,7 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de
|
||||
error = dir->i_op->link(old_dentry, dir, new_dentry);
|
||||
mutex_unlock(&old_dentry->d_inode->i_mutex);
|
||||
if (!error)
|
||||
fsnotify_create(dir, new_dentry->d_name.name);
|
||||
fsnotify_create(dir, new_dentry);
|
||||
return error;
|
||||
}
|
||||
|
||||
|
||||
@@ -27,6 +27,7 @@
|
||||
#include <linux/pagemap.h>
|
||||
#include <linux/syscalls.h>
|
||||
#include <linux/rcupdate.h>
|
||||
#include <linux/audit.h>
|
||||
|
||||
#include <asm/unistd.h>
|
||||
|
||||
@@ -626,6 +627,8 @@ asmlinkage long sys_fchmod(unsigned int fd, mode_t mode)
|
||||
dentry = file->f_dentry;
|
||||
inode = dentry->d_inode;
|
||||
|
||||
audit_inode(NULL, inode, 0);
|
||||
|
||||
err = -EROFS;
|
||||
if (IS_RDONLY(inode))
|
||||
goto out_putf;
|
||||
@@ -775,7 +778,10 @@ asmlinkage long sys_fchown(unsigned int fd, uid_t user, gid_t group)
|
||||
|
||||
file = fget(fd);
|
||||
if (file) {
|
||||
error = chown_common(file->f_dentry, user, group);
|
||||
struct dentry * dentry;
|
||||
dentry = file->f_dentry;
|
||||
audit_inode(NULL, dentry->d_inode, 0);
|
||||
error = chown_common(dentry, user, group);
|
||||
fput(file);
|
||||
}
|
||||
return error;
|
||||
|
||||
11
fs/xattr.c
11
fs/xattr.c
@@ -17,6 +17,7 @@
|
||||
#include <linux/syscalls.h>
|
||||
#include <linux/module.h>
|
||||
#include <linux/fsnotify.h>
|
||||
#include <linux/audit.h>
|
||||
#include <asm/uaccess.h>
|
||||
|
||||
|
||||
@@ -234,12 +235,15 @@ sys_fsetxattr(int fd, char __user *name, void __user *value,
|
||||
size_t size, int flags)
|
||||
{
|
||||
struct file *f;
|
||||
struct dentry *dentry;
|
||||
int error = -EBADF;
|
||||
|
||||
f = fget(fd);
|
||||
if (!f)
|
||||
return error;
|
||||
error = setxattr(f->f_dentry, name, value, size, flags);
|
||||
dentry = f->f_dentry;
|
||||
audit_inode(NULL, dentry->d_inode, 0);
|
||||
error = setxattr(dentry, name, value, size, flags);
|
||||
fput(f);
|
||||
return error;
|
||||
}
|
||||
@@ -458,12 +462,15 @@ asmlinkage long
|
||||
sys_fremovexattr(int fd, char __user *name)
|
||||
{
|
||||
struct file *f;
|
||||
struct dentry *dentry;
|
||||
int error = -EBADF;
|
||||
|
||||
f = fget(fd);
|
||||
if (!f)
|
||||
return error;
|
||||
error = removexattr(f->f_dentry, name);
|
||||
dentry = f->f_dentry;
|
||||
audit_inode(NULL, dentry->d_inode, 0);
|
||||
error = removexattr(dentry, name);
|
||||
fput(f);
|
||||
return error;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user