* linux-next: manual merge of the audit tree with the selinux tree
@ 2018-05-15 3:06 Stephen Rothwell
2018-05-15 3:16 ` Richard Guy Briggs
0 siblings, 1 reply; 5+ messages in thread
From: Stephen Rothwell @ 2018-05-15 3:06 UTC (permalink / raw)
To: Paul Moore
Cc: Linux-Next Mailing List, Linux Kernel Mailing List, Richard Guy Briggs
[-- Attachment #1: Type: text/plain, Size: 2705 bytes --]
Hi Paul,
Today's linux-next merge of the audit tree got a conflict in:
security/selinux/selinuxfs.c
between commit:
4195ed425d3c ("audit: normalize MAC_STATUS record")
from the selinux tree and commits:
cdfb6b341f0f ("audit: use inline function to get audit context")
d141136f523a ("audit: normalize MAC_POLICY_LOAD record")
from the audit tree.
I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging. You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.
--
Cheers,
Stephen Rothwell
diff --cc security/selinux/selinuxfs.c
index c0cadbc5f85c,35fd77737c59..000000000000
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@@ -167,13 -167,11 +167,13 @@@ static ssize_t sel_write_enforce(struc
NULL);
if (length)
goto out;
- audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
+ audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
- "enforcing=%d old_enforcing=%d auid=%u ses=%u",
+ "enforcing=%d old_enforcing=%d auid=%u ses=%u"
+ " enabled=%d old-enabled=%d lsm=selinux res=1",
new_value, old_value,
from_kuid(&init_user_ns, audit_get_loginuid(current)),
- audit_get_sessionid(current));
+ audit_get_sessionid(current),
+ selinux_enabled, selinux_enabled);
enforcing_set(state, new_value);
if (new_value)
avc_ss_reset(state->avc, 0);
@@@ -303,12 -299,10 +303,12 @@@ static ssize_t sel_write_disable(struc
length = selinux_disable(fsi->state);
if (length)
goto out;
- audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
+ audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
- "selinux=0 auid=%u ses=%u",
+ "enforcing=%d old_enforcing=%d auid=%u ses=%u"
+ " enabled=%d old-enabled=%d lsm=selinux res=1",
+ enforcing, enforcing,
from_kuid(&init_user_ns, audit_get_loginuid(current)),
- audit_get_sessionid(current));
+ audit_get_sessionid(current), 0, 1);
}
length = count;
@@@ -581,8 -575,8 +581,8 @@@ static ssize_t sel_write_load(struct fi
length = count;
out1:
- audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
+ audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
- "policy loaded auid=%u ses=%u",
+ "auid=%u ses=%u lsm=selinux res=1",
from_kuid(&init_user_ns, audit_get_loginuid(current)),
audit_get_sessionid(current));
out:
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 484 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: linux-next: manual merge of the audit tree with the selinux tree
2018-05-15 3:06 linux-next: manual merge of the audit tree with the selinux tree Stephen Rothwell
@ 2018-05-15 3:16 ` Richard Guy Briggs
2018-05-15 20:18 ` Paul Moore
0 siblings, 1 reply; 5+ messages in thread
From: Richard Guy Briggs @ 2018-05-15 3:16 UTC (permalink / raw)
To: Stephen Rothwell
Cc: Paul Moore, Linux-Next Mailing List, Linux Kernel Mailing List
On 2018-05-15 13:06, Stephen Rothwell wrote:
> Hi Paul,
>
> Today's linux-next merge of the audit tree got a conflict in:
>
> security/selinux/selinuxfs.c
>
> between commit:
>
> 4195ed425d3c ("audit: normalize MAC_STATUS record")
>
> from the selinux tree and commits:
>
> cdfb6b341f0f ("audit: use inline function to get audit context")
> d141136f523a ("audit: normalize MAC_POLICY_LOAD record")
>
> from the audit tree.
>
> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging. You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.
This was expected... It looks ok.
> --
> Cheers,
> Stephen Rothwell
>
> diff --cc security/selinux/selinuxfs.c
> index c0cadbc5f85c,35fd77737c59..000000000000
> --- a/security/selinux/selinuxfs.c
> +++ b/security/selinux/selinuxfs.c
> @@@ -167,13 -167,11 +167,13 @@@ static ssize_t sel_write_enforce(struc
> NULL);
> if (length)
> goto out;
> - audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
> + audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
> - "enforcing=%d old_enforcing=%d auid=%u ses=%u",
> + "enforcing=%d old_enforcing=%d auid=%u ses=%u"
> + " enabled=%d old-enabled=%d lsm=selinux res=1",
> new_value, old_value,
> from_kuid(&init_user_ns, audit_get_loginuid(current)),
> - audit_get_sessionid(current));
> + audit_get_sessionid(current),
> + selinux_enabled, selinux_enabled);
> enforcing_set(state, new_value);
> if (new_value)
> avc_ss_reset(state->avc, 0);
> @@@ -303,12 -299,10 +303,12 @@@ static ssize_t sel_write_disable(struc
> length = selinux_disable(fsi->state);
> if (length)
> goto out;
> - audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
> + audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
> - "selinux=0 auid=%u ses=%u",
> + "enforcing=%d old_enforcing=%d auid=%u ses=%u"
> + " enabled=%d old-enabled=%d lsm=selinux res=1",
> + enforcing, enforcing,
> from_kuid(&init_user_ns, audit_get_loginuid(current)),
> - audit_get_sessionid(current));
> + audit_get_sessionid(current), 0, 1);
> }
>
> length = count;
> @@@ -581,8 -575,8 +581,8 @@@ static ssize_t sel_write_load(struct fi
> length = count;
>
> out1:
> - audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
> + audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
> - "policy loaded auid=%u ses=%u",
> + "auid=%u ses=%u lsm=selinux res=1",
> from_kuid(&init_user_ns, audit_get_loginuid(current)),
> audit_get_sessionid(current));
> out:
- RGB
--
Richard Guy Briggs <rgb@redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: linux-next: manual merge of the audit tree with the selinux tree
2018-05-15 3:16 ` Richard Guy Briggs
@ 2018-05-15 20:18 ` Paul Moore
0 siblings, 0 replies; 5+ messages in thread
From: Paul Moore @ 2018-05-15 20:18 UTC (permalink / raw)
To: Richard Guy Briggs
Cc: Stephen Rothwell, Linux-Next Mailing List, Linux Kernel Mailing List
On Mon, May 14, 2018 at 11:16 PM, Richard Guy Briggs <rgb@redhat.com> wrote:
> On 2018-05-15 13:06, Stephen Rothwell wrote:
>> Hi Paul,
>>
>> Today's linux-next merge of the audit tree got a conflict in:
>>
>> security/selinux/selinuxfs.c
>>
>> between commit:
>>
>> 4195ed425d3c ("audit: normalize MAC_STATUS record")
>>
>> from the selinux tree and commits:
>>
>> cdfb6b341f0f ("audit: use inline function to get audit context")
>> d141136f523a ("audit: normalize MAC_POLICY_LOAD record")
>>
>> from the audit tree.
>>
>> I fixed it up (see below) and can carry the fix as necessary. This
>> is now fixed as far as linux-next is concerned, but any non trivial
>> conflicts should be mentioned to your upstream maintainer when your tree
>> is submitted for merging. You may also want to consider cooperating
>> with the maintainer of the conflicting tree to minimise any particularly
>> complex conflicts.
>
> This was expected... It looks ok.
Agreed. I had to apply the same patch to my testing kernels.
>> --
>> Cheers,
>> Stephen Rothwell
>>
>> diff --cc security/selinux/selinuxfs.c
>> index c0cadbc5f85c,35fd77737c59..000000000000
>> --- a/security/selinux/selinuxfs.c
>> +++ b/security/selinux/selinuxfs.c
>> @@@ -167,13 -167,11 +167,13 @@@ static ssize_t sel_write_enforce(struc
>> NULL);
>> if (length)
>> goto out;
>> - audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
>> + audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
>> - "enforcing=%d old_enforcing=%d auid=%u ses=%u",
>> + "enforcing=%d old_enforcing=%d auid=%u ses=%u"
>> + " enabled=%d old-enabled=%d lsm=selinux res=1",
>> new_value, old_value,
>> from_kuid(&init_user_ns, audit_get_loginuid(current)),
>> - audit_get_sessionid(current));
>> + audit_get_sessionid(current),
>> + selinux_enabled, selinux_enabled);
>> enforcing_set(state, new_value);
>> if (new_value)
>> avc_ss_reset(state->avc, 0);
>> @@@ -303,12 -299,10 +303,12 @@@ static ssize_t sel_write_disable(struc
>> length = selinux_disable(fsi->state);
>> if (length)
>> goto out;
>> - audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
>> + audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
>> - "selinux=0 auid=%u ses=%u",
>> + "enforcing=%d old_enforcing=%d auid=%u ses=%u"
>> + " enabled=%d old-enabled=%d lsm=selinux res=1",
>> + enforcing, enforcing,
>> from_kuid(&init_user_ns, audit_get_loginuid(current)),
>> - audit_get_sessionid(current));
>> + audit_get_sessionid(current), 0, 1);
>> }
>>
>> length = count;
>> @@@ -581,8 -575,8 +581,8 @@@ static ssize_t sel_write_load(struct fi
>> length = count;
>>
>> out1:
>> - audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
>> + audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
>> - "policy loaded auid=%u ses=%u",
>> + "auid=%u ses=%u lsm=selinux res=1",
>> from_kuid(&init_user_ns, audit_get_loginuid(current)),
>> audit_get_sessionid(current));
>> out:
>
>
>
> - RGB
>
> --
> Richard Guy Briggs <rgb@redhat.com>
> Sr. S/W Engineer, Kernel Security, Base Operating Systems
> Remote, Ottawa, Red Hat Canada
> IRC: rgb, SunRaycer
> Voice: +1.647.777.2635, Internal: (81) 32635
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: linux-next: manual merge of the audit tree with the selinux tree
2021-10-05 3:19 Stephen Rothwell
@ 2021-10-05 13:58 ` Paul Moore
0 siblings, 0 replies; 5+ messages in thread
From: Paul Moore @ 2021-10-05 13:58 UTC (permalink / raw)
To: Stephen Rothwell
Cc: Linux Kernel Mailing List, Linux Next Mailing List, Richard Guy Briggs
On Mon, Oct 4, 2021 at 11:19 PM Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> Hi all,
>
> Today's linux-next merge of the audit tree got a conflict in:
>
> include/uapi/linux/audit.h
>
> between commit:
>
> 5bd2182d58e9 ("audit,io_uring,io-wq: add some basic audit support to io_uring")
>
> from the selinux tree and commit:
>
> 571e5c0efcb2 ("audit: add OPENAT2 record to list "how" info")
>
> from the audit tree.
Thanks Stephen, your fix below is correct and I'll make sure to
mention this to Linus when sending the SELinux and audit trees to him
during the next merge window.
> diff --cc include/uapi/linux/audit.h
> index ecf1edd2affa,afa2472ad5d6..000000000000
> --- a/include/uapi/linux/audit.h
> +++ b/include/uapi/linux/audit.h
> @@@ -118,7 -118,7 +118,8 @@@
> #define AUDIT_TIME_ADJNTPVAL 1333 /* NTP value adjustment */
> #define AUDIT_BPF 1334 /* BPF subsystem */
> #define AUDIT_EVENT_LISTENER 1335 /* Task joined multicast read socket */
> +#define AUDIT_URINGOP 1336 /* io_uring operation */
> + #define AUDIT_OPENAT2 1337 /* Record showing openat2 how args */
>
> #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
> #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* linux-next: manual merge of the audit tree with the selinux tree
@ 2021-10-05 3:19 Stephen Rothwell
2021-10-05 13:58 ` Paul Moore
0 siblings, 1 reply; 5+ messages in thread
From: Stephen Rothwell @ 2021-10-05 3:19 UTC (permalink / raw)
To: Paul Moore
Cc: Linux Kernel Mailing List, Linux Next Mailing List, Richard Guy Briggs
[-- Attachment #1: Type: text/plain, Size: 1378 bytes --]
Hi all,
Today's linux-next merge of the audit tree got a conflict in:
include/uapi/linux/audit.h
between commit:
5bd2182d58e9 ("audit,io_uring,io-wq: add some basic audit support to io_uring")
from the selinux tree and commit:
571e5c0efcb2 ("audit: add OPENAT2 record to list "how" info")
from the audit tree.
I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging. You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.
--
Cheers,
Stephen Rothwell
diff --cc include/uapi/linux/audit.h
index ecf1edd2affa,afa2472ad5d6..000000000000
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@@ -118,7 -118,7 +118,8 @@@
#define AUDIT_TIME_ADJNTPVAL 1333 /* NTP value adjustment */
#define AUDIT_BPF 1334 /* BPF subsystem */
#define AUDIT_EVENT_LISTENER 1335 /* Task joined multicast read socket */
+#define AUDIT_URINGOP 1336 /* io_uring operation */
+ #define AUDIT_OPENAT2 1337 /* Record showing openat2 how args */
#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-10-05 14:05 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-15 3:06 linux-next: manual merge of the audit tree with the selinux tree Stephen Rothwell
2018-05-15 3:16 ` Richard Guy Briggs
2018-05-15 20:18 ` Paul Moore
2021-10-05 3:19 Stephen Rothwell
2021-10-05 13:58 ` Paul Moore
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.