summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRichard Guy Briggs <rgb@redhat.com>2013-11-15 11:29:02 -0500
committerEric Paris <eparis@redhat.com>2014-01-13 22:31:15 -0500
commita06e56b2a11b5f7d5354b05988f97118c90580d2 (patch)
tree59b4f9bf0b0ea1764a97b39b0afcbb1a8ffd04b4
parent04ee1a3b8f0584099370f8501ac785fd5d2ed6ff (diff)
downloadblackbird-op-linux-a06e56b2a11b5f7d5354b05988f97118c90580d2.tar.gz
blackbird-op-linux-a06e56b2a11b5f7d5354b05988f97118c90580d2.zip
audit: log AUDIT_TTY_SET config changes
Log transition of config changes when AUDIT_TTY_SET is called, including both enabled and log_passwd values now in the struct. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r--kernel/audit.c34
1 files changed, 26 insertions, 8 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 2dc757354693..fdb8528ceca3 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -989,20 +989,38 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
break;
}
case AUDIT_TTY_SET: {
- struct audit_tty_status s;
+ struct audit_tty_status s, old;
struct task_struct *tsk = current;
+ struct audit_buffer *ab;
+ int res = 0;
+
+ spin_lock(&tsk->sighand->siglock);
+ old.enabled = tsk->signal->audit_tty;
+ old.log_passwd = tsk->signal->audit_tty_log_passwd;
+ spin_unlock(&tsk->sighand->siglock);
memset(&s, 0, sizeof(s));
/* guard against past and future API changes */
memcpy(&s, data, min_t(size_t, sizeof(s), nlmsg_len(nlh)));
- if ((s.enabled != 0 && s.enabled != 1) ||
- (s.log_passwd != 0 && s.log_passwd != 1))
+ if ((s.enabled == 0 || s.enabled == 1) &&
+ (s.log_passwd == 0 || s.log_passwd == 1))
+ res = 1;
+ audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE);
+ audit_log_format(ab, " op=tty_set"
+ " old-enabled=%d old-log_passwd=%d"
+ " new-enabled=%d new-log_passwd=%d"
+ " res=%d",
+ old.enabled, old.log_passwd,
+ s.enabled, s.log_passwd,
+ res);
+ audit_log_end(ab);
+ if (res) {
+ spin_lock(&tsk->sighand->siglock);
+ tsk->signal->audit_tty = s.enabled;
+ tsk->signal->audit_tty_log_passwd = s.log_passwd;
+ spin_unlock(&tsk->sighand->siglock);
+ } else
return -EINVAL;
-
- spin_lock(&tsk->sighand->siglock);
- tsk->signal->audit_tty = s.enabled;
- tsk->signal->audit_tty_log_passwd = s.log_passwd;
- spin_unlock(&tsk->sighand->siglock);
break;
}
default:
OpenPOWER on IntegriCloud