From mboxrd@z Thu Jan 1 00:00:00 1970 From: Joy Latten Subject: Re: [PATCH 1/1] fix several things in ipsec audit Date: Fri, 01 Dec 2006 16:37:01 -0600 Message-ID: <1165012621.17737.575.camel@faith.austin.ibm.com> References: <200611282102.kASL2aeh024999@faith.austin.ibm.com> <1165008393.2079.188.camel@localhost.localdomain> Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <1165008393.2079.188.camel@localhost.localdomain> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Eric Paris Cc: linux-audit@redhat.com List-Id: linux-audit@redhat.com Oh my gosh, sorry!! I rebased my original lspp patches to 2.6.19-rc6 from kernel.org in order to send upstream. I wanted to send patch against whatever was latest in kernel.org. After sending first patch to netdev, I noticed I had messed up a line (in xfrm_state.c) when rebasing, although code compiles and still works fine. This little mess up is not in my lspp patch, just rebased one. I also needed to allow ipsec auditing to be disabled, so I included both fixes in one patch. My mistake. The second patch was only built against my "rebased" 2.6.19-rc6 kernel. I should have also created an lspp patch for the second change! My fault! I can create one against lspp56 kerel source for second change and send to you asap. The netdev patches should be ok since everything sent to netdev was based on 2.6.19-rc6. I think James has already applied in git tree. Joy On Fri, 2006-12-01 at 16:26 -0500, Eric Paris wrote: > On Tue, 2006-11-28 at 15:02 -0600, Joy Latten wrote: > > --- linux-2.6.18-patch/include/net/xfrm.h 2006-11-27 12:29:11.000000000 -0600 > > +++ linux-2.6.18-patch.2/include/net/xfrm.h 2006-11-28 13:26:49.000000000 -0600 > > @@ -395,8 +395,13 @@ struct xfrm_audit > > uid_t loginuid; > > u32 secid; > > }; > > -void xfrm_audit_log(uid_t auid, u32 secid, int type, int result, > > + > > +#ifdef CONFIG_AUDITSYSCALL > > +extern void xfrm_audit_log(uid_t auid, u32 secid, int type, int result, > > struct xfrm_policy *xp, struct xfrm_state *x); > > +#else > > +#define xfrm_audit_log(a,s,t,r,p,x) do { ; } while (0) > > +#endif /* CONFIG_AUDITSYSCALL */ > > > > static inline void xfrm_pol_hold(struct xfrm_policy *policy) > > { > > This chunk failed to apply. I believe it is a while space problem with > the second line vs what you sent in the original patch. But I'm not > sure. > > Chunk 2 had some fuzz, which may have been a result of being in the RHEL > kernel rather thanupstream. > > > diff -urpN linux-2.6.18-patch/net/xfrm/xfrm_state.c linux-2.6.18-patch.2/net/xfrm/xfrm_state.c > > --- linux-2.6.18-patch/net/xfrm/xfrm_state.c 2006-11-27 12:29:33.000000000 -0600 > > +++ linux-2.6.18-patch.2/net/xfrm/xfrm_state.c 2006-11-28 12:58:56.000000000 -0600 > > @@ -407,7 +407,6 @@ restart: > > xfrm_state_hold(x); > > spin_unlock_bh(&xfrm_state_lock); > > > > - xfrm_state_delete(x); > > err = xfrm_state_delete(x); > > xfrm_audit_log(audit_info->loginuid, > > audit_info->secid, > > > > > what is this? Going back to: [PATCH 1/1]:ipsec audit: additional change > when AUDITSYSCALL is off > > I see: > > @@ -298,7 +306,13 @@ restart: > xfrm_state_hold(x); > spin_unlock_bh(&xfrm_state_lock); > > - xfrm_state_delete(x); > + err = xfrm_state_delete(x); > + > + xfrm_audit_log(audit_info->loginuid, > + audit_info->secid, > + AUDIT_MAC_IPSEC_DELSA, > + err ? 0 : 1, NULL, x); > + > xfrm_state_put(x); > > Looks like you are deleting a line you already deleted, you are missing > newlines, all sorts of things aren't right. > > In any case your second patch doesn't apply on top of the first. Can we > get a single complete patch against 2.6.20-net and get it sent to audit, > netdev, and make sure that jmorris, aviro, and dwmw2@infradead.org are > cc'd as absolutely soon as possible? > > -Eric