From: Gao feng <gaofeng@cn.fujitsu.com>
To: linux-kernel@vger.kernel.org, linux-audit@redhat.com
Cc: toshi.okajima@jp.fujitsu.com,
	containers@lists.linux-foundation.org, serge.hallyn@ubuntu.com,
	ebiederm@xmission.com
Subject: [PATCH 13/20] audit: introduce new audit logging interface for audit namespace
Date: Thu, 24 Oct 2013 15:31:58 +0800	[thread overview]
Message-ID: <1382599925-25143-14-git-send-email-gaofeng@cn.fujitsu.com> (raw)
In-Reply-To: <1382599925-25143-1-git-send-email-gaofeng@cn.fujitsu.com>

The new interfaces audit_log_start_ns and audit_log_end_ns
will be used for writing audit logs within an audit namespace.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
 include/linux/audit.h | 26 +++++++++++++--
 kernel/audit.c        | 92 ++++++++++++++++++++++++++++++---------------------
 2 files changed, 77 insertions(+), 41 deletions(-)

diff --git a/include/linux/audit.h b/include/linux/audit.h
index 729a4d1..717e1d1 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -43,6 +43,7 @@ struct mq_attr;
 struct mqstat;
 struct audit_watch;
 struct audit_tree;
+struct audit_namespace;
 
 struct audit_krule {
 	int			vers_ops;
@@ -421,10 +422,19 @@ extern __printf(4, 5)
 void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
 	       const char *fmt, ...);
 
-extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
+extern struct audit_buffer *
+audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
+
+extern struct audit_buffer *
+audit_log_start_ns(struct audit_namespace *ns,
+		   struct audit_context *ctx,
+		   gfp_t gfp_mask, int type);
+
 extern __printf(2, 3)
 void audit_log_format(struct audit_buffer *ab, const char *fmt, ...);
 extern void		    audit_log_end(struct audit_buffer *ab);
+extern void		    audit_log_end_ns(struct audit_namespace *ns,
+					     struct audit_buffer *ab);
 extern int		    audit_string_contains_control(const char *string,
 							  size_t len);
 extern void		    audit_log_n_hex(struct audit_buffer *ab,
@@ -470,8 +480,15 @@ static inline __printf(4, 5)
 void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
 	       const char *fmt, ...)
 { }
-static inline struct audit_buffer *audit_log_start(struct audit_context *ctx,
-						   gfp_t gfp_mask, int type)
+static inline struct audit_buffer *
+audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type)
+{
+	return NULL;
+}
+static inline struct audit_buffer *
+audit_log_start_ns(struct audit_namespace *ns,
+		   struct audit_context *ctx,
+		   gfp_t gfp_mask, int type)
 {
 	return NULL;
 }
@@ -480,6 +497,9 @@ void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
 { }
 static inline void audit_log_end(struct audit_buffer *ab)
 { }
+static inline void audit_log_end_ns(struct audit_namespace *ns,
+				    struct audit_buffer *ab)
+{ }
 static inline void audit_log_n_hex(struct audit_buffer *ab,
 				   const unsigned char *buf, size_t len)
 { }
diff --git a/kernel/audit.c b/kernel/audit.c
index b203017..5ac7365 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1092,18 +1092,19 @@ static inline void audit_get_stamp(struct audit_context *ctx,
 /*
  * Wait for auditd to drain the queue a little
  */
-static void wait_for_auditd(unsigned long sleep_time)
+static void wait_for_auditd(struct audit_namespace *ns,
+			    unsigned long sleep_time)
 {
 	DECLARE_WAITQUEUE(wait, current);
 	set_current_state(TASK_UNINTERRUPTIBLE);
-	add_wait_queue(&init_audit_ns.backlog_wait, &wait);
+	add_wait_queue(&ns->backlog_wait, &wait);
 
 	if (audit_backlog_limit &&
-	    skb_queue_len(&init_audit_ns.queue) > audit_backlog_limit)
+	    skb_queue_len(&ns->queue) > audit_backlog_limit)
 		schedule_timeout(sleep_time);
 
 	__set_current_state(TASK_RUNNING);
-	remove_wait_queue(&init_audit_ns.backlog_wait, &wait);
+	remove_wait_queue(&ns->backlog_wait, &wait);
 }
 
 /* Obtain an audit buffer.  This routine does locking to obtain the
@@ -1113,23 +1114,10 @@ static void wait_for_auditd(unsigned long sleep_time)
  * will be written at syscall exit.  If there is no associated task, tsk
  * should be NULL. */
 
-/**
- * audit_log_start - obtain an audit buffer
- * @ctx: audit_context (may be NULL)
- * @gfp_mask: type of allocation
- * @type: audit message type
- *
- * Returns audit_buffer pointer on success or NULL on error.
- *
- * Obtain an audit buffer.  This routine does locking to obtain the
- * audit buffer, but then no locking is required for calls to
- * audit_log_*format.  If the task (ctx) is a task that is currently in a
- * syscall, then the syscall is marked as auditable and an audit record
- * will be written at syscall exit.  If there is no associated task, then
- * task context (ctx) should be NULL.
- */
-struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
-				     int type)
+struct audit_buffer *
+audit_log_start_ns(struct audit_namespace *ns,
+		   struct audit_context *ctx,
+		   gfp_t gfp_mask, int type)
 {
 	struct audit_buffer	*ab	= NULL;
 	struct timespec		t;
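Review bot: The kernel-doc block that described audit_log_start was moved to the thin wrapper further down, so the function that now holds the real logic, audit_log_start_ns, has no documentation at all, and its new @ns parameter is not described anywhere in the patch. A kernel-doc header should be added above the definition: it should carry the @ns line (which namespace the buffer is queued to, and whether NULL is permitted — the body dereferences it unconditionally), repeat the @ctx/@gfp_mask/@type lines and the "Returns audit_buffer pointer on success or NULL on error" contract, and state that a buffer obtained here must later be finished with audit_log_end_ns() on the same namespace. The old free-standing comment just above ("Obtain an audit buffer. This routine does locking ...") now duplicates what the wrapper's kernel-doc says and could be folded into the new header rather than left orphaned. The body of audit_log_start_ns continues outside this hunk.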
@@ -1150,14 +1138,14 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
 				entries over the normal backlog limit */
 
 	while (audit_backlog_limit
-	       && skb_queue_len(&init_audit_ns.queue) > audit_backlog_limit + reserve) {
+	       && skb_queue_len(&ns->queue) > audit_backlog_limit + reserve) {
 		if (gfp_mask & __GFP_WAIT && audit_backlog_wait_time) {
 			unsigned long sleep_time;
 
 			sleep_time = timeout_start + audit_backlog_wait_time -
 					jiffies;
 			if ((long)sleep_time > 0) {
-				wait_for_auditd(sleep_time);
+				wait_for_auditd(ns, sleep_time);
 				continue;
 			}
 		}
@@ -1165,7 +1153,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
 			printk(KERN_WARNING
 			       "audit: audit_backlog=%d > "
 			       "audit_backlog_limit=%d\n",
-			       skb_queue_len(&init_audit_ns.queue),
+			       skb_queue_len(&ns->queue),
 			       audit_backlog_limit);
 		audit_log_lost("backlog limit exceeded");
 		audit_backlog_wait_time = audit_backlog_wait_overflow;
@@ -1187,6 +1175,27 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
 }
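Review bot: The overflow path still acts on global state while the condition that triggers it is now per-namespace: after comparing `skb_queue_len(&ns->queue)` against the limit, the hunk keeps `audit_log_lost("backlog limit exceeded");` and `audit_backlog_wait_time = audit_backlog_wait_overflow;`, both of which are not scoped to @ns. If audit_log_lost still accounts into the global lost counter and applies the global failure policy, a non-init namespace that fills only its own queue would inflate the init namespace's lost count, could trigger the global failure action, and would lengthen the backlog wait for every namespace — the wait-time assignment alone is visible here and is clearly cross-namespace. The rate-limited `printk(KERN_WARNING "audit: audit_backlog=%d > audit_backlog_limit=%d\n", ...)` also no longer says which namespace overflowed, so an operator cannot tell a container's backlog from the host's; adding `ns->pid` (the field the _ns code already keys on) or an init/non-init marker to the message would keep the warning attributable. Either scope these to the namespace in this series or note in the commit message that they stay global and why. The enclosing function audit_log_start_ns begins outside this hunk.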
 
 /**
+ * audit_log_start - obtain an audit buffer
+ * @ctx: audit_context (may be NULL)
+ * @gfp_mask: type of allocation
+ * @type: audit message type
+ *
+ * Returns audit_buffer pointer on success or NULL on error.
+ *
+ * Obtain an audit buffer.  This routine does locking to obtain the
+ * audit buffer, but then no locking is required for calls to
+ * audit_log_*format.  If the task (ctx) is a task that is currently in a
+ * syscall, then the syscall is marked as auditable and an audit record
+ * will be written at syscall exit.  If there is no associated task, then
+ * task context (ctx) should be NULL.
+ */
+struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
+				     int type)
+{
+	return audit_log_start_ns(&init_audit_ns, ctx, gfp_mask, type);
+}
+
+/**
  * audit_expand - expand skb in the audit buffer
  * @ab: audit_buffer
  * @extra: space to add at tail of the skb
@@ -1690,16 +1699,7 @@ out:
 	kfree(name);
 }
 
-/**
- * audit_log_end - end one audit record
- * @ab: the audit_buffer
- *
- * The netlink_* functions cannot be called inside an irq context, so
- * the audit buffer is placed on a queue and a tasklet is scheduled to
- * remove them from the queue outside the irq context.  May be called in
- * any context.
- */
-void audit_log_end(struct audit_buffer *ab)
+void audit_log_end_ns(struct audit_namespace *ns, struct audit_buffer *ab)
 {
 	if (!ab)
 		return;
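Review bot: audit_log_end_ns is introduced here without a kernel-doc comment; the block that was removed documented audit_log_end, and it is re-attached below to the wrapper, so the function that actually queues the skb is now undocumented. A header above the definition should describe @ns (the namespace whose queue and kauditd wait queue the record is handed to) and @ab, state that @ab must be the buffer returned by audit_log_start_ns() for the same @ns since nothing in the code ties the two arguments together, and keep the existing note that the netlink_* functions cannot run in irq context so the buffer is queued and may be ended from any context. The body of audit_log_end_ns continues outside this hunk.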
@@ -1709,11 +1709,11 @@ void audit_log_end(struct audit_buffer *ab)
 		struct nlmsghdr *nlh = nlmsg_hdr(ab->skb);
 		nlh->nlmsg_len = ab->skb->len - NLMSG_HDRLEN;
 
-		if (init_audit_ns.pid) {
-			skb_queue_tail(&init_audit_ns.queue, ab->skb);
-			wake_up_interruptible(&init_audit_ns.kauditd_wait);
+		if (ns->pid) {
+			skb_queue_tail(&ns->queue, ab->skb);
+			wake_up_interruptible(&ns->kauditd_wait);
 		} else {
-			audit_printk_skb(&init_audit_ns, ab->skb);
+			audit_printk_skb(ns, ab->skb);
 		}
 		ab->skb = NULL;
 	}
@@ -1721,6 +1721,20 @@ void audit_log_end(struct audit_buffer *ab)
 }
 
 /**
+ * audit_log_end - end one audit record
+ * @ab: the audit_buffer
+ *
+ * The netlink_* functions cannot be called inside an irq context, so
+ * the audit buffer is placed on a queue and a tasklet is scheduled to
+ * remove them from the queue outside the irq context.  May be called in
+ * any context.
+ */
+void audit_log_end(struct audit_buffer *ab)
+{
+	return audit_log_end_ns(&init_audit_ns, ab);
+}
+
+/**
  * audit_log - Log an audit record
  * @ctx: audit context
  * @gfp_mask: type of allocation
@@ -1774,6 +1788,8 @@ EXPORT_SYMBOL(audit_log_secctx);
 #endif
 
 EXPORT_SYMBOL(audit_log_start);
+EXPORT_SYMBOL(audit_log_start_ns);
 EXPORT_SYMBOL(audit_log_end);
+EXPORT_SYMBOL(audit_log_end_ns);
 EXPORT_SYMBOL(audit_log_format);
 EXPORT_SYMBOL(audit_log);
-- 
1.8.3.1
