[PATCH 1/5] audit: fix incorrect order of log new and old feature

[PATCH 1/5] audit: fix incorrect order of log new and old feature

[Gao feng]

The order of new feature and old feature is incorrect,
this patch fix it.

Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
 kernel/audit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/audit.c b/kernel/audit.c
index 7c7c028..f16f835 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -664,7 +664,7 @@ static void audit_log_feature_change(int which, u32 old_feature, u32 new_feature
 	struct audit_buffer *ab;
 
 	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_FEATURE_CHANGE);
-	audit_log_format(ab, "feature=%s new=%d old=%d old_lock=%d new_lock=%d res=%d",
+	audit_log_format(ab, "feature=%s old=%d new=%d old_lock=%d new_lock=%d res=%d",
 			 audit_feature_names[which], !!old_feature, !!new_feature,
 			 !!old_lock, !!new_lock, res);
 	audit_log_end(ab);
-- 
1.8.3.1

[PATCH 2/5] audit: don't generate audit feature changed log when audit disabled

[Gao feng]

If audit is disabled,we shouldn't generate the audit log.

Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
 kernel/audit.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/audit.c b/kernel/audit.c
index f16f835..c307786 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -663,6 +663,9 @@ static void audit_log_feature_change(int which, u32 old_feature, u32 new_feature
 {
 	struct audit_buffer *ab;
 
+	if (audit_enabled == AUDIT_OFF)
+		return;
+
 	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_FEATURE_CHANGE);
 	audit_log_format(ab, "feature=%s old=%d new=%d old_lock=%d new_lock=%d res=%d",
 			 audit_feature_names[which], !!old_feature, !!new_feature,
-- 
1.8.3.1

[PATCH 3/5] audit: use old_lock in audit_set_feature

[Gao feng]

we already have old_lock, no need to calculate it again.

Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
 kernel/audit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/audit.c b/kernel/audit.c
index c307786..19f21ae 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -697,7 +697,7 @@ static int audit_set_feature(struct sk_buff *skb)
 		old_lock = af.lock & feature;
 
 		/* are we changing a locked feature? */
-		if ((af.lock & feature) && (new_feature != old_feature)) {
+		if (old_lock && (new_feature != old_feature)) {
 			audit_log_feature_change(i, old_feature, new_feature,
 						 old_lock, new_lock, 0);
 			return -EPERM;
-- 
1.8.3.1

[PATCH 4/5] audit: don't generate loginuid log when audit disabled

[Gao feng]

If audit is disabled, we shouldn't generate loginuid audit
log.

Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
 kernel/auditsc.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 065c7a1..ceb396f 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1990,6 +1990,9 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,
 	struct audit_buffer *ab;
 	uid_t uid, ologinuid, nloginuid;
 
+	if (!audit_enabled)
+		return;
+
 	uid = from_kuid(&init_user_ns, task_uid(current));
 	ologinuid = from_kuid(&init_user_ns, koldloginuid);
 	nloginuid = from_kuid(&init_user_ns, kloginuid),
-- 
1.8.3.1

[PATCH 5/5] audit: change the type of oldloginuid from kuid_t to unsigned long

[Gao feng]

The type of oldloginuid should be unsigned long.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
 kernel/auditsc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index ceb396f..9f871ad 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2018,7 +2018,8 @@ int audit_set_loginuid(kuid_t loginuid)
 {
 	struct task_struct *task = current;
 	unsigned int sessionid = -1;
-	kuid_t oldloginuid, oldsessionid;
+	kuid_t oldloginuid;
+	unsigned long oldsessionid;
 	int rc;
 
 	oldloginuid = audit_get_loginuid(current);
-- 
1.8.3.1

Re: [PATCH 5/5] audit: change the type of oldloginuid from kuid_t to unsigned long

[Richard Guy Briggs]

On Fri, Nov 01, 2013 at 07:34:46PM +0800, Gao feng wrote:
> The type of oldloginuid should be unsigned long.

Can you say why unsigned long rather than int returned from
audit_get_sessionid() or unsigned int expected by
audit_log_set_loginuid()?

Kees: For that matter, why does audit_get_sessionid() return int rather
than unsigned int from task_struct?  That was introduced in commit
9321d526.

> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
> ---
>  kernel/auditsc.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index ceb396f..9f871ad 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -2018,7 +2018,8 @@ int audit_set_loginuid(kuid_t loginuid)
>  {
>  	struct task_struct *task = current;
>  	unsigned int sessionid = -1;
> -	kuid_t oldloginuid, oldsessionid;
> +	kuid_t oldloginuid;
> +	unsigned long oldsessionid;
>  	int rc;
>  
>  	oldloginuid = audit_get_loginuid(current);
> -- 
> 1.8.3.1

- RGB

--
Richard Guy Briggs <rbriggs@redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545

Re: [PATCH 5/5] audit: change the type of oldloginuid from kuid_t to unsigned long

[Gao feng]

On 11/02/2013 01:00 PM, Richard Guy Briggs wrote:
> On Fri, Nov 01, 2013 at 07:34:46PM +0800, Gao feng wrote:
>> The type of oldloginuid should be unsigned long.
> 
> Can you say why unsigned long rather than int returned from
> audit_get_sessionid() or unsigned int expected by
> audit_log_set_loginuid()?

Oh..it's my miss, it definitely should be unsigned int.
I will resend this one separately.

Thanks!
> 
> Kees: For that matter, why does audit_get_sessionid() return int rather
> than unsigned int from task_struct?  That was introduced in commit
> 9321d526.
> 
>> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
>> ---
>>  kernel/auditsc.c | 3 ++-
>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
>> index ceb396f..9f871ad 100644
>> --- a/kernel/auditsc.c
>> +++ b/kernel/auditsc.c
>> @@ -2018,7 +2018,8 @@ int audit_set_loginuid(kuid_t loginuid)
>>  {
>>  	struct task_struct *task = current;
>>  	unsigned int sessionid = -1;
>> -	kuid_t oldloginuid, oldsessionid;
>> +	kuid_t oldloginuid;
>> +	unsigned long oldsessionid;
>>  	int rc;
>>  
>>  	oldloginuid = audit_get_loginuid(current);
>> -- 
>> 1.8.3.1
> 
> - RGB
> 
> --
> Richard Guy Briggs <rbriggs@redhat.com>
> Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
> Remote, Ottawa, Canada
> Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
>