linux/include
Jeff Layton 79f6530cb5 audit: fix mq_open and mq_unlink to add the MQ root as a hidden parent audit_names record
The old audit PATH records for mq_open looked like this:

  type=PATH msg=audit(1366282323.982:869): item=1 name=(null) inode=6777
  dev=00:0c mode=041777 ouid=0 ogid=0 rdev=00:00
  obj=system_u:object_r:tmpfs_t:s15:c0.c1023
  type=PATH msg=audit(1366282323.982:869): item=0 name="test_mq" inode=26732
  dev=00:0c mode=0100700 ouid=0 ogid=0 rdev=00:00
  obj=staff_u:object_r:user_tmpfs_t:s15:c0.c1023

...with the audit related changes that went into 3.7, they now look like this:

  type=PATH msg=audit(1366282236.776:3606): item=2 name=(null) inode=66655
  dev=00:0c mode=0100700 ouid=0 ogid=0 rdev=00:00
  obj=staff_u:object_r:user_tmpfs_t:s15:c0.c1023
  type=PATH msg=audit(1366282236.776:3606): item=1 name=(null) inode=6926
  dev=00:0c mode=041777 ouid=0 ogid=0 rdev=00:00
  obj=system_u:object_r:tmpfs_t:s15:c0.c1023
  type=PATH msg=audit(1366282236.776:3606): item=0 name="test_mq"

Both of these look wrong to me.  As Steve Grubb pointed out:

 "What we need is 1 PATH record that identifies the MQ.  The other PATH
  records probably should not be there."

Fix it to record the mq root as a parent, and flag it such that it
should be hidden from view when the names are logged, since the root of
the mq filesystem isn't terribly interesting.  With this change, we get
a single PATH record that looks more like this:

  type=PATH msg=audit(1368021604.836:484): item=0 name="test_mq" inode=16914
  dev=00:0c mode=0100644 ouid=0 ogid=0 rdev=00:00
  obj=unconfined_u:object_r:user_tmpfs_t:s0

In order to do this, a new audit_inode_parent_hidden() function is
added.  If we do it this way, then we avoid having the existing callers
of audit_inode needing to do any sort of flag conversion if auditing is
inactive.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reported-by: Jiri Jaburek <jjaburek@redhat.com>
Cc: Steve Grubb <sgrubb@redhat.com>
Cc: Eric Paris <eparis@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-07-09 10:33:19 -07:00
..
acpi PCI changes for the v3.11 merge window: 2013-07-03 16:31:35 -07:00
asm-generic Merge branch 'cpuinit-delete' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2013-07-07 11:01:19 -07:00
clocksource clocksource: arch_timer: use virtual counters 2013-06-07 10:20:28 +01:00
crypto
drm Merge branch 'drm-radeon-sun-hainan' of git://people.freedesktop.org/~airlied/linux 2013-05-21 08:50:57 -07:00
dt-bindings ARM: at91: dt: add header to define at_hdmac configuration 2013-07-05 11:40:53 +05:30
keys
kvm ARM: KVM: Allow host virt timer irq to be different from guest timer virt irq 2013-06-26 10:50:02 -07:00
linux audit: fix mq_open and mq_unlink to add the MQ root as a hidden parent audit_names record 2013-07-09 10:33:19 -07:00
math-emu
media Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2013-06-18 06:25:08 -10:00
memory
misc
net ip_tunnel: remove __net_init/exit from exported functions 2013-06-13 03:00:59 -07:00
pcmcia
ras
rdma
rxrpc
scsi [SCSI] libiscsi: Added new boot entries in the session sysfs 2013-06-26 18:04:11 -07:00
sound ASoC: More updates for v3.11 2013-06-28 13:36:22 +02:00
target target: Propigate up ->cmd_kref put return via transport_generic_free_cmd 2013-05-31 01:21:23 -07:00
trace Merge branch 'akpm' (updates from Andrew Morton) 2013-07-03 17:12:13 -07:00
uapi A couple of fixes and clean-ups, allow for assigning user-defined 2013-07-05 12:09:48 -07:00
video Merge branch 'fbdev-3.10-fixes' of git://gitorious.org/linux-omap-dss2/linux into linux-fbdev/for-3.10-fixes 2013-05-29 17:00:34 +08:00
xen Power management and ACPI updates for 3.11-rc1 2013-07-03 14:35:40 -07:00
Kbuild