fedora core 6 1.2949 + vserver 2.2.0
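diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index a44879b..9c8c232 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -411,7 +411,6 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule)
 case AUDIT_FSGID:
 case AUDIT_LOGINUID:
 case AUDIT_PERS:
-case AUDIT_ARCH:
 case AUDIT_MSGTYPE:
 case AUDIT_PPID:
 case AUDIT_DEVMAJOR:
@@ -423,6 +422,14 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule)
 case AUDIT_ARG2:
 case AUDIT_ARG3:
 break;
+/* arch is only allowed to be = or != */
+case AUDIT_ARCH:
+if ((f->op != AUDIT_NOT_EQUAL) && (f->op != AUDIT_EQUAL)
+&& (f->op != AUDIT_NEGATE) && (f->op)) {
+err = -EINVAL;
+goto exit_free;
+}
+break;
 case AUDIT_PERM:
 if (f->val & ~15)
 goto exit_free;
@@ -629,10 +636,9 @@ static struct audit_rule *audit_krule_to_rule(struct audit_krule *krule)
 struct audit_rule *rule;
 int i;
-rule = kmalloc(sizeof(*rule), GFP_KERNEL);
+rule = kzalloc(sizeof(*rule), GFP_KERNEL);
 if (unlikely(!rule))
 return NULL;
-memset(rule, 0, sizeof(*rule));
 rule->flags = krule->flags | krule->listnr;
 rule->action = krule->action;
@@ -794,8 +800,8 @@ static inline int audit_dupe_selinux_field(struct audit_field *df,
 /* our own copy of se_str */
 se_str = kstrdup(sf->se_str, GFP_KERNEL);
-if (unlikely(IS_ERR(se_str)))
-return -ENOMEM;
+if (unlikely(!se_str))
+return -ENOMEM;
 df->se_str = se_str;
 /* our own (refreshed) copy of se_rule */
@@ -1398,7 +1404,7 @@ static void audit_log_rule_change(uid_t loginuid, u32 sid, char *action,
 if (sid) {
 char *ctx = NULL;
 u32 len;
-if (selinux_ctxid_to_string(sid, &ctx, &len))
+if (selinux_sid_to_string(sid, &ctx, &len))
 audit_log_format(ab, " ssid=%u", sid);
 else
 audit_log_format(ab, " subj=%s", ctx);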
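Review bot: The comment above the new `case AUDIT_ARCH:` in audit_rule_to_entry says only = and != are allowed, but the condition also lets through `AUDIT_NEGATE` and an op of 0, so a reader cannot tell whether those two are deliberate. They look like the legacy encodings of != and = for this rule format (inferred; the code that normalises them is outside the hunk), in which case the comment could read `/* arch is only allowed to be = or != (AUDIT_NEGATE and 0 are the legacy forms) */`. Separately, the operator check is added only in audit_rule_to_entry; audit_data_to_entry is not part of this diff, and if it still accepts AUDIT_ARCH without the same test, a rule submitted in the newer format would not be held to the restriction, so that path is worth confirming. The function body continues outside the hunk.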