From: Joy Latten <latten@austin.ibm.com>
To: linux-audit@redhat.com, sgrubb@redhat.com
Subject: [PATCH 1/1] fix several things in ipsec audit
Date: Tue, 28 Nov 2006 15:02:36 -0600 [thread overview]
Message-ID: <200611282102.kASL2aeh024999@faith.austin.ibm.com> (raw)
Steve, if this looks ok to you I will send to netdev.
I compiled and tested with and without CONFIG_AUDITSYSCALL.
-------------------------------------------------------------
This patch disables auditing in ipsec when CONFIG_AUDITSYSCALL
is disabled in the kernel.
This patch also includes a bug fix for xfrm_state.c as a result of original
ipsec audit patch.
Regards,
Joy
diff -urpN linux-2.6.18-patch/include/net/xfrm.h linux-2.6.18-patch.2/include/net/xfrm.h
--- linux-2.6.18-patch/include/net/xfrm.h 2006-11-27 12:29:11.000000000 -0600
+++ linux-2.6.18-patch.2/include/net/xfrm.h 2006-11-28 13:26:49.000000000 -0600
@@ -395,8 +395,13 @@ struct xfrm_audit
uid_t loginuid;
u32 secid;
};
-void xfrm_audit_log(uid_t auid, u32 secid, int type, int result,
+
+#ifdef CONFIG_AUDITSYSCALL
+extern void xfrm_audit_log(uid_t auid, u32 secid, int type, int result,
struct xfrm_policy *xp, struct xfrm_state *x);
+#else
+#define xfrm_audit_log(a,s,t,r,p,x) do { ; } while (0)
+#endif /* CONFIG_AUDITSYSCALL */
static inline void xfrm_pol_hold(struct xfrm_policy *policy)
{
diff -urpN linux-2.6.18-patch/net/xfrm/xfrm_policy.c linux-2.6.18-patch.2/net/xfrm/xfrm_policy.c
--- linux-2.6.18-patch/net/xfrm/xfrm_policy.c 2006-11-27 12:29:33.000000000 -0600
+++ linux-2.6.18-patch.2/net/xfrm/xfrm_policy.c 2006-11-28 14:51:09.000000000 -0600
@@ -1955,6 +1955,7 @@ int xfrm_bundle_ok(struct xfrm_policy *p
EXPORT_SYMBOL(xfrm_bundle_ok);
+#ifdef CONFIG_AUDITSYSCALL
/* Audit addition and deletion of SAs and ipsec policy */
void xfrm_audit_log(uid_t auid, u32 sid, int type, int result,
@@ -2063,6 +2064,7 @@ void xfrm_audit_log(uid_t auid, u32 sid,
}
EXPORT_SYMBOL(xfrm_audit_log);
+#endif /* CONFIG_AUDITSYSCALL */
int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
{
diff -urpN linux-2.6.18-patch/net/xfrm/xfrm_state.c linux-2.6.18-patch.2/net/xfrm/xfrm_state.c
--- linux-2.6.18-patch/net/xfrm/xfrm_state.c 2006-11-27 12:29:33.000000000 -0600
+++ linux-2.6.18-patch.2/net/xfrm/xfrm_state.c 2006-11-28 12:58:56.000000000 -0600
@@ -407,7 +407,6 @@ restart:
xfrm_state_hold(x);
spin_unlock_bh(&xfrm_state_lock);
- xfrm_state_delete(x);
err = xfrm_state_delete(x);
xfrm_audit_log(audit_info->loginuid,
audit_info->secid,
next reply other threads:[~2006-11-28 21:02 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-11-28 21:02 Joy Latten [this message]
2006-11-29 16:48 ` [PATCH 1/1] fix several things in ipsec audit Steve Grubb
2006-12-01 21:26 ` Eric Paris
2006-12-01 22:37 ` Joy Latten
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200611282102.kASL2aeh024999@faith.austin.ibm.com \
--to=latten@austin.ibm.com \
--cc=linux-audit@redhat.com \
--cc=sgrubb@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox