From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:53813) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aPdzG-000616-Be for qemu-devel@nongnu.org; Sat, 30 Jan 2016 17:27:23 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aPdzF-0004FT-CV for qemu-devel@nongnu.org; Sat, 30 Jan 2016 17:27:22 -0500 Received: from smtp1-g21.free.fr ([2a01:e0c:1:1599::10]:11398) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aPdzF-0004FN-6d for qemu-devel@nongnu.org; Sat, 30 Jan 2016 17:27:21 -0500 From: Laurent Vivier Date: Sat, 30 Jan 2016 23:27:00 +0100 Message-Id: <1454192820-5095-4-git-send-email-laurent@vivier.eu> In-Reply-To: <1454192820-5095-1-git-send-email-laurent@vivier.eu> References: <1454192820-5095-1-git-send-email-laurent@vivier.eu> Subject: [Qemu-devel] [PATCH RFC 3/3] linux-user: add netlink audit List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Riku Voipio Cc: Laurent Vivier , qemu-devel@nongnu.org, agraf@suse.de This is, for instance, needed to log in a container. Without this, the user cannot be identified and the console login fails with "Login incorrect". Signed-off-by: Laurent Vivier --- linux-user/syscall.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 790ae49..fa50299 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -102,6 +102,7 @@ int __clone2(int (*fn)(void *), void *child_stack_base, #include "linux_loop.h" #include #include +#include #include "uname.h" #include "qemu.h" @@ -1878,6 +1879,44 @@ static abi_long target_to_host_nlmsg_route(struct nlmsghdr *nlh, size_t len) return target_to_host_for_each_nlmsg(nlh, len, target_to_host_data_route); } +static abi_long host_to_target_data_audit(struct nlmsghdr *nlh) +{ + switch (nlh->nlmsg_type) { + default: + fprintf(stderr, "Unknown host audit message type %d\n", + nlh->nlmsg_type); + return -TARGET_EINVAL; + } + return 0; +} + +static inline abi_long host_to_target_nlmsg_audit(struct nlmsghdr *nlh, + size_t len) +{ + return host_to_target_for_each_nlmsg(nlh, len, host_to_target_data_audit); +} + +static abi_long target_to_host_data_audit(struct nlmsghdr *nlh) +{ + switch (nlh->nlmsg_type) { + case AUDIT_USER: + case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG: + case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2: + break; + default: + fprintf(stderr, "Unknown target audit message type %d\n", + nlh->nlmsg_type); + return -TARGET_EINVAL; + } + + return 0; +} + +static abi_long target_to_host_nlmsg_audit(struct nlmsghdr *nlh, size_t len) +{ + return target_to_host_for_each_nlmsg(nlh, len, target_to_host_data_audit); +} + /* do_setsockopt() Must return target values and target errnos. */ static abi_long do_setsockopt(int sockfd, int level, int optname, abi_ulong optval_addr, socklen_t optlen) @@ -2543,6 +2582,21 @@ static TargetFdTrans target_netlink_route_trans = { .host_to_target_data = netlink_route_host_to_target, }; +static abi_long netlink_audit_target_to_host(void *buf, size_t len) +{ + return target_to_host_nlmsg_audit(buf, len); +} + +static abi_long netlink_audit_host_to_target(void *buf, size_t len) +{ + return host_to_target_nlmsg_audit(buf, len); +} + +static TargetFdTrans target_netlink_audit_trans = { + .target_to_host_data = netlink_audit_target_to_host, + .host_to_target_data = netlink_audit_host_to_target, +}; + /* do_socket() Must return target values and target errnos. */ static abi_long do_socket(int domain, int type, int protocol) { @@ -2575,6 +2629,9 @@ static abi_long do_socket(int domain, int type, int protocol) case NETLINK_KOBJECT_UEVENT: /* nothing to do: messages are strings */ break; + case NETLINK_AUDIT: + fd_trans_register(ret, &target_netlink_audit_trans); + break; default: close(ret); ret = -EPFNOSUPPORT; -- 2.5.0