From: Steve Grubb <sgrubb@redhat.com>
To: Stefan Berger <stefanb@linux.vnet.ibm.com>
Cc: zohar@linux.vnet.ibm.com, linux-integrity@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-audit@redhat.com
Subject: Re: [PATCH 6/8] integrity: Factor out common part of integrity_audit_msg()
Date: Tue, 29 May 2018 17:32:22 -0400 [thread overview]
Message-ID: <2600105.j2Wzuo56oP@x2> (raw)
In-Reply-To: <20180524201105.3179904-7-stefanb@linux.vnet.ibm.com>
On Thursday, May 24, 2018 4:11:03 PM EDT Stefan Berger wrote:
> Factor out a common part of integrity_audit_msg() that others
> can also call.
After all of these changes, do you mind sending an example event for testing/
review?
Thanks,
-Steve
> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
> ---
> security/integrity/integrity.h | 16 ++++++++++++++++
> security/integrity/integrity_audit.c | 24 ++++++++++++++++--------
> 2 files changed, 32 insertions(+), 8 deletions(-)
>
> diff --git a/security/integrity/integrity.h
> b/security/integrity/integrity.h index 5e58e02ba8dc..9f2924cafa53 100644
> --- a/security/integrity/integrity.h
> +++ b/security/integrity/integrity.h
> @@ -15,6 +15,7 @@
> #include <linux/integrity.h>
> #include <crypto/sha.h>
> #include <linux/key.h>
> +#include <linux/audit.h>
>
> /* iint action cache flags */
> #define IMA_MEASURE 0x00000001
> @@ -197,6 +198,11 @@ static inline void evm_load_x509(void)
> void integrity_audit_msg(int audit_msgno, struct inode *inode,
> const unsigned char *fname, const char *op,
> const char *cause, int result, int info);
> +
> +void integrity_audit_msg_common(struct audit_buffer *ab, struct inode
> *inode, + const unsigned char *fname, const char *op,
> + const char *cause, int result);
> +
> #else
> static inline void integrity_audit_msg(int audit_msgno, struct inode
> *inode, const unsigned char *fname,
> @@ -204,4 +210,14 @@ static inline void integrity_audit_msg(int
> audit_msgno, struct inode *inode, int result, int info)
> {
> }
> +
> +static inline void integrity_audit_msg_common(struct audit_buffer *ab,
> + struct inode *inode,
> + const unsigned char *fname,
> + const char *op,
> + const char *cause,
> + int result)
> +{
> +}
> +
> #endif
> diff --git a/security/integrity/integrity_audit.c
> b/security/integrity/integrity_audit.c index 8d25d3c4dcca..8f80b7c042a7
> 100644
> --- a/security/integrity/integrity_audit.c
> +++ b/security/integrity/integrity_audit.c
> @@ -28,17 +28,12 @@ static int __init integrity_audit_setup(char *str)
> }
> __setup("integrity_audit=", integrity_audit_setup);
>
> -void integrity_audit_msg(int audit_msgno, struct inode *inode,
> - const unsigned char *fname, const char *op,
> - const char *cause, int result, int audit_info)
> +void integrity_audit_msg_common(struct audit_buffer *ab, struct inode
> *inode, + const unsigned char *fname, const char *op,
> + const char *cause, int result)
> {
> - struct audit_buffer *ab;
> char name[TASK_COMM_LEN];
>
> - if (!integrity_audit_info && audit_info == 1) /* Skip info messages */
> - return;
> -
> - ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno);
> audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u",
> task_pid_nr(current),
> from_kuid(&init_user_ns, current_cred()->uid),
> @@ -59,5 +54,18 @@ void integrity_audit_msg(int audit_msgno, struct inode
> *inode, audit_log_d_path_exe(ab, current->mm);
> audit_log_tty(ab, current);
> audit_log_format(ab, " res=%d", !result);
> +}
> +
> +void integrity_audit_msg(int audit_msgno, struct inode *inode,
> + const unsigned char *fname, const char *op,
> + const char *cause, int result, int audit_info)
> +{
> + struct audit_buffer *ab;
> +
> + if (!integrity_audit_info && audit_info == 1) /* Skip info messages */
> + return;
> +
> + ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno);
> + integrity_audit_msg_common(ab, inode, fname, op, cause, result);
> audit_log_end(ab);
> }
next prev parent reply other threads:[~2018-05-29 21:32 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-24 20:10 [PATCH 0/8] IMA: work on audit records produced by IMA Stefan Berger
2018-05-24 20:10 ` [PATCH 1/8] ima: Call audit_log_string() rather than logging it untrusted Stefan Berger
2018-05-24 20:10 ` Stefan Berger
2018-05-29 20:29 ` Paul Moore
2018-05-24 20:10 ` [PATCH 2/8] ima: Use audit_log_format() rather than audit_log_string() Stefan Berger
2018-05-29 20:31 ` Paul Moore
2018-05-24 20:11 ` [PATCH 3/8] audit: Implement audit_log_tty() Stefan Berger
2018-05-29 21:07 ` Paul Moore
2018-05-30 19:46 ` Stefan Berger
2018-05-24 20:11 ` [PATCH 4/8] audit: Allow others to call audit_log_d_path_exe() Stefan Berger
2018-05-24 20:11 ` Stefan Berger
2018-05-29 21:18 ` Paul Moore
2018-05-29 21:18 ` Paul Moore
2018-05-24 20:11 ` [PATCH 5/8] integrity: Add exe= and tty= before res= to integrity audits Stefan Berger
2018-05-24 20:11 ` Stefan Berger
2018-05-29 21:19 ` Paul Moore
2018-05-29 21:35 ` Steve Grubb
2018-05-29 21:35 ` Steve Grubb
2018-05-29 21:47 ` Paul Moore
2018-05-29 22:58 ` Mimi Zohar
2018-05-29 22:58 ` Mimi Zohar
2018-05-30 13:04 ` Mimi Zohar
2018-05-30 13:04 ` Mimi Zohar
2018-05-30 21:15 ` Paul Moore
2018-05-30 12:17 ` Stefan Berger
2018-05-30 21:14 ` Paul Moore
2018-05-24 20:11 ` [PATCH 6/8] integrity: Factor out common part of integrity_audit_msg() Stefan Berger
2018-05-24 20:11 ` Stefan Berger
2018-05-29 21:32 ` Steve Grubb [this message]
2018-05-30 13:04 ` Stefan Berger
2018-05-24 20:11 ` [PATCH 7/8] ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set Stefan Berger
2018-05-24 20:11 ` [PATCH 8/8] ima: Differentiate auditing policy rules from "audit" actions Stefan Berger
2018-05-29 21:30 ` Steve Grubb
2018-05-29 21:30 ` Steve Grubb
2018-05-30 13:54 ` Stefan Berger
2018-05-30 15:15 ` Steve Grubb
2018-05-30 15:15 ` Steve Grubb
2018-05-30 15:25 ` Stefan Berger
2018-05-30 15:25 ` Stefan Berger
2018-05-30 16:27 ` Steve Grubb
2018-05-30 19:54 ` Stefan Berger
2018-05-30 19:54 ` Stefan Berger
2018-05-30 21:24 ` Paul Moore
2018-05-30 21:49 ` Stefan Berger
2018-05-30 22:00 ` Mimi Zohar
2018-05-30 22:15 ` Stefan Berger
2018-05-30 22:41 ` Mimi Zohar
2018-05-30 22:41 ` Mimi Zohar
2018-05-30 23:54 ` Paul Moore
2018-05-31 0:46 ` Lenny Bruzenak
2018-05-31 15:51 ` Paul Moore
2018-05-30 12:49 ` Richard Guy Briggs
2018-05-30 12:55 ` Steve Grubb
2018-05-30 13:08 ` Stefan Berger
2018-05-30 21:22 ` Paul Moore
2018-05-30 21:38 ` Stefan Berger
2018-05-30 23:34 ` Richard Guy Briggs
2018-06-01 20:00 ` Stefan Berger
2018-06-01 20:13 ` Paul Moore
2018-06-01 20:21 ` Paul Moore
2018-06-01 20:50 ` Stefan Berger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2600105.j2Wzuo56oP@x2 \
--to=sgrubb@redhat.com \
--cc=linux-audit@redhat.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stefanb@linux.vnet.ibm.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.