From patchwork Wed Jun 8 13:29:45 2016
X-Patchwork-Submitter: Riku Voipio
X-Patchwork-Id: 9164657
From: riku.voipio@linaro.org
To: qemu-devel@nongnu.org
Date: Wed, 8 Jun 2016 16:29:45 +0300
Message-Id: <5ce9bb5937aa549efb0f93ee78a06ce8bded0d50.1465392530.git.riku.voipio@linaro.org>
Subject: [Qemu-devel] [PULL 04/44] linux-user: add netlink audit
Cc: Laurent Vivier

From: Laurent Vivier

This is, for instance, needed to log in a container. Without this, the user cannot be identified and the console login fails with "Login incorrect".

Signed-off-by: Laurent Vivier
Signed-off-by: Riku Voipio
--- linux-user/syscall.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 59 insertions(+), 1 deletion(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 584aecc..933c2cd 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -103,6 +103,7 @@ int __clone2(int (*fn)(void *), void *child_stack_base, #include #include #include +#include #include "linux_loop.h" #include "uname.h" 
@@ -2041,6 +2042,44 @@ static abi_long target_to_host_nlmsg_route(struct nlmsghdr *nlh, size_t len) return target_to_host_for_each_nlmsg(nlh, len, target_to_host_data_route); } +static abi_long host_to_target_data_audit(struct nlmsghdr *nlh) +{ + switch (nlh->nlmsg_type) { + default: + gemu_log("Unknown host audit message type %d\n", + nlh->nlmsg_type); + return -TARGET_EINVAL; + } + return 0; +} + +static inline abi_long host_to_target_nlmsg_audit(struct nlmsghdr *nlh, + size_t len) +{ + return host_to_target_for_each_nlmsg(nlh, len, host_to_target_data_audit); +} + +static abi_long target_to_host_data_audit(struct nlmsghdr *nlh) +{ + switch (nlh->nlmsg_type) { + case AUDIT_USER: + case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG: + case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2: + break; + default: + gemu_log("Unknown target audit message type %d\n", + nlh->nlmsg_type); + return -TARGET_EINVAL; + } + + return 0; +} + +static abi_long target_to_host_nlmsg_audit(struct nlmsghdr *nlh, size_t len) +{ + return target_to_host_for_each_nlmsg(nlh, len, target_to_host_data_audit); +} + /* do_setsockopt() Must return target values and target errnos. */ static abi_long do_setsockopt(int sockfd, int level, int optname, abi_ulong optval_addr, socklen_t optlen) @@ -2706,6 +2745,21 @@ static TargetFdTrans target_netlink_route_trans = { .host_to_target_data = netlink_route_host_to_target, }; +static abi_long netlink_audit_target_to_host(void *buf, size_t len) +{ + return target_to_host_nlmsg_audit(buf, len); +} + +static abi_long netlink_audit_host_to_target(void *buf, size_t len) +{ + return host_to_target_nlmsg_audit(buf, len); +} + +static TargetFdTrans target_netlink_audit_trans = { + .target_to_host_data = netlink_audit_target_to_host, + .host_to_target_data = netlink_audit_host_to_target, +}; + /* do_socket() Must return target values and target errnos. */ static abi_long do_socket(int domain, int type, int protocol) { 
@@ -2719,7 +2773,8 @@ static abi_long do_socket(int domain, int type, int protocol) if (domain == PF_NETLINK && !(protocol == NETLINK_ROUTE || - protocol == NETLINK_KOBJECT_UEVENT)) { + protocol == NETLINK_KOBJECT_UEVENT || + protocol == NETLINK_AUDIT)) { return -EPFNOSUPPORT; } @@ -2744,6 +2799,9 @@ static abi_long do_socket(int domain, int type, int protocol) case NETLINK_KOBJECT_UEVENT: /* nothing to do: messages are strings */ break; + case NETLINK_AUDIT: + fd_trans_register(ret, &target_netlink_audit_trans); + break; default: g_assert_not_reached(); }
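Review bot: in host_to_target_data_audit() (hunk at @@ -2041,6 +2042,44 @@) the switch has only a default arm, so every message type that reaches this callback is logged as unknown and rejected with -TARGET_EINVAL, and the `return 0;` after the switch is unreachable. If no host-to-target audit payload is meant to be translated yet, say so in a comment and drop the dead return; otherwise list the expected types explicitly. In the same hunk, target_to_host_data_audit() lets AUDIT_USER and the two AUDIT_FIRST_USER_MSG ranges through with a bare `break`; a one-line comment on why no conversion is needed, in the style of the "nothing to do: messages are strings" comment on the NETLINK_KOBJECT_UEVENT case in do_socket(), would make it clear that this allow-list of guest-sendable types is deliberate. Also, host_to_target_nlmsg_audit() is `static inline` while target_to_host_nlmsg_audit() is plain `static`; use one form for both.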
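Review bot: in do_socket() (hunks at @@ -2719,7 +2773,8 @@ and @@ -2744,6 +2799,9 @@) NETLINK_AUDIT has to be added twice, once to the PF_NETLINK protocol check that returns -EPFNOSUPPORT and once to the switch whose default is g_assert_not_reached(), and nothing ties the two lists together. A protocol later added to the first list but not the second would abort the emulator on a guest socket() call instead of failing the call. Consider keeping the supported protocols in one place, or at least adding a comment at the `if` that the switch below must be updated in step.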