Message ID | 20180524201105.3179904-4-stefanb@linux.vnet.ibm.com (mailing list archive) |
---|---|
State | New, archived |
On Thu, May 24, 2018 at 4:11 PM, Stefan Berger <stefanb@linux.vnet.ibm.com> wrote: > Implement audit_log_tty() so that IMA can add tty= to its audit records. > > Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> > --- > include/linux/audit.h | 5 +++++ > kernel/audit.c | 8 ++++++++ > 2 files changed, 13 insertions(+) > > diff --git a/include/linux/audit.h b/include/linux/audit.h > index 90aa63ddc9be..2deb76c74d10 100644 > --- a/include/linux/audit.h > +++ b/include/linux/audit.h > @@ -154,6 +154,7 @@ extern void audit_log_task_info(struct audit_buffer *ab, > struct task_struct *tsk); > > extern int audit_update_lsm_rules(void); > +extern void audit_log_tty(struct audit_buffer *ab, struct task_struct *tsk); > > /* Private API (for audit.c only) */ > extern int audit_rule_change(int type, int seq, void *data, size_t datasz); > @@ -202,6 +203,10 @@ static inline int audit_log_task_context(struct audit_buffer *ab) > static inline void audit_log_task_info(struct audit_buffer *ab, > struct task_struct *tsk) > { } > + > +static inline void audit_log_tty(struct audit_buffer *ab, > + struct task_struct *tsk) > +{ } > #define audit_enabled 0 > #endif /* CONFIG_AUDIT */ > > diff --git a/kernel/audit.c b/kernel/audit.c > index 670665c6e2a6..fa54695962b4 100644 > --- a/kernel/audit.c > +++ b/kernel/audit.c > @@ -2305,6 +2305,14 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) > } > EXPORT_SYMBOL(audit_log_task_info); > > +void audit_log_tty(struct audit_buffer *ab, struct task_struct *tsk) > +{ > + struct tty_struct *tty = audit_get_tty(tsk); > + > + audit_log_format(ab, " tty=%s", tty ? tty_name(tty) : "(none)"); > + audit_put_tty(tty); > +} Perhaps I missed it, but your IMA patches only ever call this to log current's tty, yes? If so, I would prefer if we dropped the task_struct argument and always had audit_log_tty() use current.
On 05/29/2018 05:07 PM, Paul Moore wrote: > On Thu, May 24, 2018 at 4:11 PM, Stefan Berger > <stefanb@linux.vnet.ibm.com> wrote: >> >> +void audit_log_tty(struct audit_buffer *ab, struct task_struct *tsk) >> +{ >> + struct tty_struct *tty = audit_get_tty(tsk); >> + >> + audit_log_format(ab, " tty=%s", tty ? tty_name(tty) : "(none)"); >> + audit_put_tty(tty); >> +} > Perhaps I missed it, but your IMA patches only ever call this to log > current's tty, yes? If so, I would prefer if we dropped the > task_struct argument and always had audit_log_tty() use current. Done. >
diff --git a/include/linux/audit.h b/include/linux/audit.h index 90aa63ddc9be..2deb76c74d10 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -154,6 +154,7 @@ extern void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk); extern int audit_update_lsm_rules(void); +extern void audit_log_tty(struct audit_buffer *ab, struct task_struct *tsk); /* Private API (for audit.c only) */ extern int audit_rule_change(int type, int seq, void *data, size_t datasz); @@ -202,6 +203,10 @@ static inline int audit_log_task_context(struct audit_buffer *ab) static inline void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) { } + +static inline void audit_log_tty(struct audit_buffer *ab, + struct task_struct *tsk) +{ } #define audit_enabled 0 #endif /* CONFIG_AUDIT */ diff --git a/kernel/audit.c b/kernel/audit.c index 670665c6e2a6..fa54695962b4 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2305,6 +2305,14 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) } EXPORT_SYMBOL(audit_log_task_info); +void audit_log_tty(struct audit_buffer *ab, struct task_struct *tsk) +{ + struct tty_struct *tty = audit_get_tty(tsk); + + audit_log_format(ab, " tty=%s", tty ? tty_name(tty) : "(none)"); + audit_put_tty(tty); +} + /** * audit_log_link_denied - report a link restriction denial * @operation: specific link operation
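Review bot: the !CONFIG_AUDIT stub added in the second include/linux/audit.h hunk repeats the struct task_struct *tsk parameter, so the signature now lives in three places: the extern declaration, this empty inline stub, and the definition in kernel/audit.c. If the parameter is dropped so that the function always uses current, change all three together and build once with CONFIG_AUDIT disabled, since that is the only configuration that compiles the stub.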
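Review bot: audit_log_tty() in the kernel/audit.c hunk has no kernel-doc comment, while audit_log_link_denied() directly below it does. Add a short block saying that the function appends a " tty=" field to ab and writes "(none)" when the task has no tty, so callers and log consumers know that the field is always present. The function above it is followed by EXPORT_SYMBOL(audit_log_task_info) and the new one has no export; if that is intentional because the only caller is built in, say so in the commit message.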
Implement audit_log_tty() so that IMA can add tty= to its audit records. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> --- include/linux/audit.h | 5 +++++ kernel/audit.c | 8 ++++++++ 2 files changed, 13 insertions(+)