From mboxrd@z Thu Jan  1 00:00:00 1970
From: Eric Paris <eparis@redhat.com>
Subject: Re: [PATCH 1/1] fix several things in ipsec audit
Date: Fri, 01 Dec 2006 16:26:33 -0500
Message-ID: <1165008393.2079.188.camel@localhost.localdomain>
References: <200611282102.kASL2aeh024999@faith.austin.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <200611282102.kASL2aeh024999@faith.austin.ibm.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Joy Latten <latten@austin.ibm.com>
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Tue, 2006-11-28 at 15:02 -0600, Joy Latten wrote:
> --- linux-2.6.18-patch/include/net/xfrm.h	2006-11-27 12:29:11.000000000 -0600
> +++ linux-2.6.18-patch.2/include/net/xfrm.h	2006-11-28 13:26:49.000000000 -0600
> @@ -395,8 +395,13 @@ struct xfrm_audit
>  	uid_t	loginuid;
>  	u32	secid;
>  };
> -void xfrm_audit_log(uid_t auid, u32 secid, int type, int result,
> +
> +#ifdef CONFIG_AUDITSYSCALL
> +extern void xfrm_audit_log(uid_t auid, u32 secid, int type, int result,
>  		    struct xfrm_policy *xp, struct xfrm_state *x);
> +#else
> +#define xfrm_audit_log(a,s,t,r,p,x) do { ; } while (0)
> +#endif /* CONFIG_AUDITSYSCALL */
>  
>  static inline void xfrm_pol_hold(struct xfrm_policy *policy)
>  {

This chunk failed to apply.  I believe it is a while space problem with
the second line vs what you sent in the original patch.  But I'm not
sure.

Chunk 2 had some fuzz, which may have been a result of being in the RHEL
kernel rather thanupstream.

> diff -urpN linux-2.6.18-patch/net/xfrm/xfrm_state.c linux-2.6.18-patch.2/net/xfrm/xfrm_state.c
> --- linux-2.6.18-patch/net/xfrm/xfrm_state.c	2006-11-27 12:29:33.000000000 -0600
> +++ linux-2.6.18-patch.2/net/xfrm/xfrm_state.c	2006-11-28 12:58:56.000000000 -0600
> @@ -407,7 +407,6 @@ restart:
>  				xfrm_state_hold(x);
>  				spin_unlock_bh(&xfrm_state_lock);
>  
> -				xfrm_state_delete(x);
>  				err = xfrm_state_delete(x);
>  				xfrm_audit_log(audit_info->loginuid,
>  					       audit_info->secid,
> 


what is this?  Going back to: [PATCH 1/1]:ipsec audit: additional change
when AUDITSYSCALL is off

I see:

@@ -298,7 +306,13 @@ restart:
                                xfrm_state_hold(x);
                                spin_unlock_bh(&xfrm_state_lock);
 
-                               xfrm_state_delete(x);
+                               err = xfrm_state_delete(x);
+
+                               xfrm_audit_log(audit_info->loginuid,
+                                              audit_info->secid, 
+                                              AUDIT_MAC_IPSEC_DELSA, 
+                                              err ? 0 : 1, NULL, x);
+
                                xfrm_state_put(x);

Looks like you are deleting a line you already deleted, you are missing
newlines, all sorts of things aren't right.

In any case your second patch doesn't apply on top of the first.  Can we
get a single complete patch against 2.6.20-net and get it sent to audit,
netdev, and make sure that jmorris, aviro, and dwmw2@infradead.org are
cc'd as absolutely soon as possible?

-Eric