Message ID | 1454192820-5095-4-git-send-email-laurent@vivier.eu (mailing list archive) |
---|---|
State | New, archived |
On 30 January 2016 at 22:27, Laurent Vivier <laurent@vivier.eu> wrote:
> This is, for instance, needed to log in a container.
>
> Without this, the user cannot be identified and the console login
> fails with "Login incorrect".
>
> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
> ---
> linux-user/syscall.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 57 insertions(+)
>
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 790ae49..fa50299 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -102,6 +102,7 @@ int __clone2(int (*fn)(void *), void *child_stack_base,
> #include "linux_loop.h"
> #include <linux/netlink.h>
> #include <linux/rtnetlink.h>
> +#include <linux/audit.h>
> #include "uname.h"
>
> #include "qemu.h"
> @@ -1878,6 +1879,44 @@ static abi_long target_to_host_nlmsg_route(struct nlmsghdr *nlh, size_t len)
> return target_to_host_for_each_nlmsg(nlh, len, target_to_host_data_route);
> }
>
> +static abi_long host_to_target_data_audit(struct nlmsghdr *nlh)
> +{
> + switch (nlh->nlmsg_type) {
> + default:
> + fprintf(stderr, "Unknown host audit message type %d\n",
> + nlh->nlmsg_type);
I think we mostly prefer gemu_log() for logging errors rather than raw fprintf.
> + return -TARGET_EINVAL;
> + }
> + return 0;
> +}
> +
> +static inline abi_long host_to_target_nlmsg_audit(struct nlmsghdr *nlh,
> + size_t len)
> +{
> + return host_to_target_for_each_nlmsg(nlh, len, host_to_target_data_audit);
> +}
> +
> +static abi_long target_to_host_data_audit(struct nlmsghdr *nlh)
> +{
> + switch (nlh->nlmsg_type) {
> + case AUDIT_USER:
> + case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG:
> + case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2:
> + break;
I guess we just hope the magic user data being passed along here doesn't have any endianness issues...
> + default:
> + fprintf(stderr, "Unknown target audit message type %d\n",
> + nlh->nlmsg_type);
> + return -TARGET_EINVAL;
> + }
> +
> + return 0;
> +}
> +
> +static abi_long target_to_host_nlmsg_audit(struct nlmsghdr *nlh, size_t len)
> +{
> + return target_to_host_for_each_nlmsg(nlh, len, target_to_host_data_audit);
> +}
> +
> /* do_setsockopt() Must return target values and target errnos. */
> static abi_long do_setsockopt(int sockfd, int level, int optname,
> abi_ulong optval_addr, socklen_t optlen)
> @@ -2543,6 +2582,21 @@ static TargetFdTrans target_netlink_route_trans = {
> .host_to_target_data = netlink_route_host_to_target,
> };
>
> +static abi_long netlink_audit_target_to_host(void *buf, size_t len)
> +{
> + return target_to_host_nlmsg_audit(buf, len);
> +}
> +
> +static abi_long netlink_audit_host_to_target(void *buf, size_t len)
> +{
> + return host_to_target_nlmsg_audit(buf, len);
> +}
> +
> +static TargetFdTrans target_netlink_audit_trans = {
> + .target_to_host_data = netlink_audit_target_to_host,
> + .host_to_target_data = netlink_audit_host_to_target,
> +};
> +
> /* do_socket() Must return target values and target errnos. */
> static abi_long do_socket(int domain, int type, int protocol)
> {
> @@ -2575,6 +2629,9 @@ static abi_long do_socket(int domain, int type, int protocol)
> case NETLINK_KOBJECT_UEVENT:
> /* nothing to do: messages are strings */
> break;
> + case NETLINK_AUDIT:
> + fd_trans_register(ret, &target_netlink_audit_trans);
> + break;
> default:
> close(ret);
> ret = -EPFNOSUPPORT;
> --
> 2.5.0
Other than the fprintf thing, Reviewed-by: Peter Maydell <peter.maydell@linaro.org> thanks -- PMM
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 790ae49..fa50299 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -102,6 +102,7 @@ int __clone2(int (*fn)(void *), void *child_stack_base,
 #include "linux_loop.h"
 #include <linux/netlink.h>
 #include <linux/rtnetlink.h>
+#include <linux/audit.h>
 #include "uname.h"
 
 #include "qemu.h"
@@ -1878,6 +1879,44 @@ static abi_long target_to_host_nlmsg_route(struct nlmsghdr *nlh, size_t len)
 return target_to_host_for_each_nlmsg(nlh, len, target_to_host_data_route);
 }
 
+static abi_long host_to_target_data_audit(struct nlmsghdr *nlh)
+{
+ switch (nlh->nlmsg_type) {
+ default:
+ fprintf(stderr, "Unknown host audit message type %d\n",
+ nlh->nlmsg_type);
+ return -TARGET_EINVAL;
+ }
+ return 0;
+}
+
+static inline abi_long host_to_target_nlmsg_audit(struct nlmsghdr *nlh,
+ size_t len)
+{
+ return host_to_target_for_each_nlmsg(nlh, len, host_to_target_data_audit);
+}
+
+static abi_long target_to_host_data_audit(struct nlmsghdr *nlh)
+{
+ switch (nlh->nlmsg_type) {
+ case AUDIT_USER:
+ case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG:
+ case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2:
+ break;
+ default:
+ fprintf(stderr, "Unknown target audit message type %d\n",
+ nlh->nlmsg_type);
+ return -TARGET_EINVAL;
+ }
+
+ return 0;
+}
+
+static abi_long target_to_host_nlmsg_audit(struct nlmsghdr *nlh, size_t len)
+{
+ return target_to_host_for_each_nlmsg(nlh, len, target_to_host_data_audit);
+}
+
 /* do_setsockopt() Must return target values and target errnos. */
 static abi_long do_setsockopt(int sockfd, int level, int optname,
 abi_ulong optval_addr, socklen_t optlen)
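Review bot: In `host_to_target_data_audit` the switch has only a `default:` arm, so every audit message that reaches this callback is turned into `-TARGET_EINVAL` and the trailing `return 0;` is unreachable. If records the guest is expected to read back are dispatched here rather than consumed inside `host_to_target_for_each_nlmsg`, which is defined outside this hunk, a successful host read would surface as an error in the guest. I would state the intent above the switch, e.g. `/* no host->target audit payloads are converted yet; anything reaching here is rejected */`. The same applies to `target_to_host_data_audit`: a comment such as `/* allowlist: only user-space audit records are forwarded; all other types are refused */` would make it clear that the `default:` arm is a deliberate restriction on what guest code can send to the host audit socket and should not be widened without adding payload conversion.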
@@ -2543,6 +2582,21 @@ static TargetFdTrans target_netlink_route_trans = {
 .host_to_target_data = netlink_route_host_to_target,
 };
 
+static abi_long netlink_audit_target_to_host(void *buf, size_t len)
+{
+ return target_to_host_nlmsg_audit(buf, len);
+}
+
+static abi_long netlink_audit_host_to_target(void *buf, size_t len)
+{
+ return host_to_target_nlmsg_audit(buf, len);
+}
+
+static TargetFdTrans target_netlink_audit_trans = {
+ .target_to_host_data = netlink_audit_target_to_host,
+ .host_to_target_data = netlink_audit_host_to_target,
+};
+
 /* do_socket() Must return target values and target errnos. */
 static abi_long do_socket(int domain, int type, int protocol)
 {
@@ -2575,6 +2629,9 @@ static abi_long do_socket(int domain, int type, int protocol)
 case NETLINK_KOBJECT_UEVENT:
 /* nothing to do: messages are strings */
 break;
+ case NETLINK_AUDIT:
+ fd_trans_register(ret, &target_netlink_audit_trans);
+ break;
 default:
 close(ret);
 ret = -EPFNOSUPPORT;
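Review bot: The new `case NETLINK_AUDIT:` arm in the last hunk (`@@ -2575,6 +2629,9 @@`) carries no comment, although it changes what a guest may do: an audit socket that previously fell through to `default:` and was closed is now kept open and wired to the host. A one-line comment would record the trust decision, e.g. `/* only user-space audit records are forwarded, see target_to_host_data_audit() */`. What the guest can actually write is then bounded by the type allowlist in that function and, presumably, by the host kernel's own permission check on the sending process. do_socket starts and ends outside the hunk, so whether `domain` has already been checked to be netlink before this switch cannot be confirmed from here.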
This is, for instance, needed to log in a container. Without this, the user cannot be identified and the console login fails with "Login incorrect". Signed-off-by: Laurent Vivier <laurent@vivier.eu> --- linux-user/syscall.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+)