* [RFC PATCH ghak86 V1] audit: eliminate audit_enabled magic number comparison
@ 2018-06-05 23:20 Richard Guy Briggs
2018-06-12 20:33 ` Paul Moore
2018-06-19 15:10 ` Paul Moore
0 siblings, 2 replies; 4+ messages in thread
From: Richard Guy Briggs @ 2018-06-05 23:20 UTC (permalink / raw)
To: Linux-Audit Mailing List, LKML,
Linux NetDev Upstream Mailing List, Netfilter Devel List,
Linux Security Module list
Cc: Eric Paris, Paul Moore, Steve Grubb, Richard Guy Briggs
Remove comparison of audit_enabled to magic numbers outside of audit.
Related: https://github.com/linux-audit/audit-kernel/issues/86
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
---
drivers/tty/tty_audit.c | 2 +-
include/linux/audit.h | 5 ++++-
include/net/xfrm.h | 2 +-
kernel/audit.c | 3 ---
net/netfilter/xt_AUDIT.c | 2 +-
net/netlabel/netlabel_user.c | 2 +-
6 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c
index e30aa6b..50f567b 100644
--- a/drivers/tty/tty_audit.c
+++ b/drivers/tty/tty_audit.c
@@ -92,7 +92,7 @@ static void tty_audit_buf_push(struct tty_audit_buf *buf)
{
if (buf->valid == 0)
return;
- if (audit_enabled == 0) {
+ if (audit_enabled == AUDIT_OFF) {
buf->valid = 0;
return;
}
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 69c7847..9334fbe 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -117,6 +117,9 @@ struct audit_field {
extern void audit_log_session_info(struct audit_buffer *ab);
+#define AUDIT_OFF 0
+#define AUDIT_ON 1
+#define AUDIT_LOCKED 2
#ifdef CONFIG_AUDIT
/* These are defined in audit.c */
/* Public API */
@@ -202,7 +205,7 @@ static inline int audit_log_task_context(struct audit_buffer *ab)
static inline void audit_log_task_info(struct audit_buffer *ab,
struct task_struct *tsk)
{ }
-#define audit_enabled 0
+#define audit_enabled AUDIT_OFF
#endif /* CONFIG_AUDIT */
#ifdef CONFIG_AUDIT_COMPAT_GENERIC
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 7f2e31a..ce995a1 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -734,7 +734,7 @@ static inline struct audit_buffer *xfrm_audit_start(const char *op)
{
struct audit_buffer *audit_buf = NULL;
- if (audit_enabled == 0)
+ if (audit_enabled == AUDIT_OFF)
return NULL;
audit_buf = audit_log_start(audit_context(), GFP_ATOMIC,
AUDIT_MAC_IPSEC_EVENT);
diff --git a/kernel/audit.c b/kernel/audit.c
index e7478cb..8442c65 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -83,9 +83,6 @@
#define AUDIT_INITIALIZED 1
static int audit_initialized;
-#define AUDIT_OFF 0
-#define AUDIT_ON 1
-#define AUDIT_LOCKED 2
u32 audit_enabled = AUDIT_OFF;
bool audit_ever_enabled = !!AUDIT_OFF;
diff --git a/net/netfilter/xt_AUDIT.c b/net/netfilter/xt_AUDIT.c
index f368ee6..af883f1 100644
--- a/net/netfilter/xt_AUDIT.c
+++ b/net/netfilter/xt_AUDIT.c
@@ -72,7 +72,7 @@ static bool audit_ip6(struct audit_buffer *ab, struct sk_buff *skb)
struct audit_buffer *ab;
int fam = -1;
- if (audit_enabled == 0)
+ if (audit_enabled == AUDIT_OFF)
goto errout;
ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT);
if (ab == NULL)
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index 2f328af..4676f5b 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -101,7 +101,7 @@ struct audit_buffer *netlbl_audit_start_common(int type,
char *secctx;
u32 secctx_len;
- if (audit_enabled == 0)
+ if (audit_enabled == AUDIT_OFF)
return NULL;
audit_buf = audit_log_start(audit_context(), GFP_ATOMIC, type);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [RFC PATCH ghak86 V1] audit: eliminate audit_enabled magic number comparison
2018-06-05 23:20 [RFC PATCH ghak86 V1] audit: eliminate audit_enabled magic number comparison Richard Guy Briggs
@ 2018-06-12 20:33 ` Paul Moore
2018-06-12 20:45 ` Richard Guy Briggs
2018-06-19 15:10 ` Paul Moore
1 sibling, 1 reply; 4+ messages in thread
From: Paul Moore @ 2018-06-12 20:33 UTC (permalink / raw)
To: Richard Guy Briggs
Cc: Linux-Audit Mailing List, LKML,
Linux NetDev Upstream Mailing List, Netfilter Devel List,
Linux Security Module list, Eric Paris, Steve Grubb
On Tue, Jun 5, 2018 at 7:20 PM, Richard Guy Briggs <rgb@redhat.com> wrote:
> Remove comparison of audit_enabled to magic numbers outside of audit.
>
> Related: https://github.com/linux-audit/audit-kernel/issues/86
>
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> ---
> drivers/tty/tty_audit.c | 2 +-
> include/linux/audit.h | 5 ++++-
> include/net/xfrm.h | 2 +-
> kernel/audit.c | 3 ---
> net/netfilter/xt_AUDIT.c | 2 +-
> net/netlabel/netlabel_user.c | 2 +-
> 6 files changed, 8 insertions(+), 8 deletions(-)
An improvement, thank you. Thankfully there are no tariffs on patches
so I've queued this up for after the merge window.
> diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c
> index e30aa6b..50f567b 100644
> --- a/drivers/tty/tty_audit.c
> +++ b/drivers/tty/tty_audit.c
> @@ -92,7 +92,7 @@ static void tty_audit_buf_push(struct tty_audit_buf *buf)
> {
> if (buf->valid == 0)
> return;
> - if (audit_enabled == 0) {
> + if (audit_enabled == AUDIT_OFF) {
> buf->valid = 0;
> return;
> }
> diff --git a/include/linux/audit.h b/include/linux/audit.h
> index 69c7847..9334fbe 100644
> --- a/include/linux/audit.h
> +++ b/include/linux/audit.h
> @@ -117,6 +117,9 @@ struct audit_field {
>
> extern void audit_log_session_info(struct audit_buffer *ab);
>
> +#define AUDIT_OFF 0
> +#define AUDIT_ON 1
> +#define AUDIT_LOCKED 2
> #ifdef CONFIG_AUDIT
> /* These are defined in audit.c */
> /* Public API */
> @@ -202,7 +205,7 @@ static inline int audit_log_task_context(struct audit_buffer *ab)
> static inline void audit_log_task_info(struct audit_buffer *ab,
> struct task_struct *tsk)
> { }
> -#define audit_enabled 0
> +#define audit_enabled AUDIT_OFF
> #endif /* CONFIG_AUDIT */
>
> #ifdef CONFIG_AUDIT_COMPAT_GENERIC
> diff --git a/include/net/xfrm.h b/include/net/xfrm.h
> index 7f2e31a..ce995a1 100644
> --- a/include/net/xfrm.h
> +++ b/include/net/xfrm.h
> @@ -734,7 +734,7 @@ static inline struct audit_buffer *xfrm_audit_start(const char *op)
> {
> struct audit_buffer *audit_buf = NULL;
>
> - if (audit_enabled == 0)
> + if (audit_enabled == AUDIT_OFF)
> return NULL;
> audit_buf = audit_log_start(audit_context(), GFP_ATOMIC,
> AUDIT_MAC_IPSEC_EVENT);
> diff --git a/kernel/audit.c b/kernel/audit.c
> index e7478cb..8442c65 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -83,9 +83,6 @@
> #define AUDIT_INITIALIZED 1
> static int audit_initialized;
>
> -#define AUDIT_OFF 0
> -#define AUDIT_ON 1
> -#define AUDIT_LOCKED 2
> u32 audit_enabled = AUDIT_OFF;
> bool audit_ever_enabled = !!AUDIT_OFF;
>
> diff --git a/net/netfilter/xt_AUDIT.c b/net/netfilter/xt_AUDIT.c
> index f368ee6..af883f1 100644
> --- a/net/netfilter/xt_AUDIT.c
> +++ b/net/netfilter/xt_AUDIT.c
> @@ -72,7 +72,7 @@ static bool audit_ip6(struct audit_buffer *ab, struct sk_buff *skb)
> struct audit_buffer *ab;
> int fam = -1;
>
> - if (audit_enabled == 0)
> + if (audit_enabled == AUDIT_OFF)
> goto errout;
> ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT);
> if (ab == NULL)
> diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
> index 2f328af..4676f5b 100644
> --- a/net/netlabel/netlabel_user.c
> +++ b/net/netlabel/netlabel_user.c
> @@ -101,7 +101,7 @@ struct audit_buffer *netlbl_audit_start_common(int type,
> char *secctx;
> u32 secctx_len;
>
> - if (audit_enabled == 0)
> + if (audit_enabled == AUDIT_OFF)
> return NULL;
>
> audit_buf = audit_log_start(audit_context(), GFP_ATOMIC, type);
> --
> 1.8.3.1
>
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [RFC PATCH ghak86 V1] audit: eliminate audit_enabled magic number comparison
2018-06-12 20:33 ` Paul Moore
@ 2018-06-12 20:45 ` Richard Guy Briggs
0 siblings, 0 replies; 4+ messages in thread
From: Richard Guy Briggs @ 2018-06-12 20:45 UTC (permalink / raw)
To: Paul Moore
Cc: Linux-Audit Mailing List, LKML,
Linux NetDev Upstream Mailing List, Netfilter Devel List,
Linux Security Module list, Eric Paris, Steve Grubb
On 2018-06-12 16:33, Paul Moore wrote:
> On Tue, Jun 5, 2018 at 7:20 PM, Richard Guy Briggs <rgb@redhat.com> wrote:
> > Remove comparison of audit_enabled to magic numbers outside of audit.
> >
> > Related: https://github.com/linux-audit/audit-kernel/issues/86
> >
> > Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> > ---
> > drivers/tty/tty_audit.c | 2 +-
> > include/linux/audit.h | 5 ++++-
> > include/net/xfrm.h | 2 +-
> > kernel/audit.c | 3 ---
> > net/netfilter/xt_AUDIT.c | 2 +-
> > net/netlabel/netlabel_user.c | 2 +-
> > 6 files changed, 8 insertions(+), 8 deletions(-)
>
> An improvement, thank you. Thankfully there are no tariffs on patches
> so I've queued this up for after the merge window.
Check with the So Called Ruler Of The United States first just to be
sure. I'll dress it up in a kurta if that helps.
> > diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c
> > index e30aa6b..50f567b 100644
> > --- a/drivers/tty/tty_audit.c
> > +++ b/drivers/tty/tty_audit.c
> > @@ -92,7 +92,7 @@ static void tty_audit_buf_push(struct tty_audit_buf *buf)
> > {
> > if (buf->valid == 0)
> > return;
> > - if (audit_enabled == 0) {
> > + if (audit_enabled == AUDIT_OFF) {
> > buf->valid = 0;
> > return;
> > }
> > diff --git a/include/linux/audit.h b/include/linux/audit.h
> > index 69c7847..9334fbe 100644
> > --- a/include/linux/audit.h
> > +++ b/include/linux/audit.h
> > @@ -117,6 +117,9 @@ struct audit_field {
> >
> > extern void audit_log_session_info(struct audit_buffer *ab);
> >
> > +#define AUDIT_OFF 0
> > +#define AUDIT_ON 1
> > +#define AUDIT_LOCKED 2
> > #ifdef CONFIG_AUDIT
> > /* These are defined in audit.c */
> > /* Public API */
> > @@ -202,7 +205,7 @@ static inline int audit_log_task_context(struct audit_buffer *ab)
> > static inline void audit_log_task_info(struct audit_buffer *ab,
> > struct task_struct *tsk)
> > { }
> > -#define audit_enabled 0
> > +#define audit_enabled AUDIT_OFF
> > #endif /* CONFIG_AUDIT */
> >
> > #ifdef CONFIG_AUDIT_COMPAT_GENERIC
> > diff --git a/include/net/xfrm.h b/include/net/xfrm.h
> > index 7f2e31a..ce995a1 100644
> > --- a/include/net/xfrm.h
> > +++ b/include/net/xfrm.h
> > @@ -734,7 +734,7 @@ static inline struct audit_buffer *xfrm_audit_start(const char *op)
> > {
> > struct audit_buffer *audit_buf = NULL;
> >
> > - if (audit_enabled == 0)
> > + if (audit_enabled == AUDIT_OFF)
> > return NULL;
> > audit_buf = audit_log_start(audit_context(), GFP_ATOMIC,
> > AUDIT_MAC_IPSEC_EVENT);
> > diff --git a/kernel/audit.c b/kernel/audit.c
> > index e7478cb..8442c65 100644
> > --- a/kernel/audit.c
> > +++ b/kernel/audit.c
> > @@ -83,9 +83,6 @@
> > #define AUDIT_INITIALIZED 1
> > static int audit_initialized;
> >
> > -#define AUDIT_OFF 0
> > -#define AUDIT_ON 1
> > -#define AUDIT_LOCKED 2
> > u32 audit_enabled = AUDIT_OFF;
> > bool audit_ever_enabled = !!AUDIT_OFF;
> >
> > diff --git a/net/netfilter/xt_AUDIT.c b/net/netfilter/xt_AUDIT.c
> > index f368ee6..af883f1 100644
> > --- a/net/netfilter/xt_AUDIT.c
> > +++ b/net/netfilter/xt_AUDIT.c
> > @@ -72,7 +72,7 @@ static bool audit_ip6(struct audit_buffer *ab, struct sk_buff *skb)
> > struct audit_buffer *ab;
> > int fam = -1;
> >
> > - if (audit_enabled == 0)
> > + if (audit_enabled == AUDIT_OFF)
> > goto errout;
> > ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT);
> > if (ab == NULL)
> > diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
> > index 2f328af..4676f5b 100644
> > --- a/net/netlabel/netlabel_user.c
> > +++ b/net/netlabel/netlabel_user.c
> > @@ -101,7 +101,7 @@ struct audit_buffer *netlbl_audit_start_common(int type,
> > char *secctx;
> > u32 secctx_len;
> >
> > - if (audit_enabled == 0)
> > + if (audit_enabled == AUDIT_OFF)
> > return NULL;
> >
> > audit_buf = audit_log_start(audit_context(), GFP_ATOMIC, type);
>
> paul moore
- RGB
--
Richard Guy Briggs <rgb@redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [RFC PATCH ghak86 V1] audit: eliminate audit_enabled magic number comparison
2018-06-05 23:20 [RFC PATCH ghak86 V1] audit: eliminate audit_enabled magic number comparison Richard Guy Briggs
2018-06-12 20:33 ` Paul Moore
@ 2018-06-19 15:10 ` Paul Moore
1 sibling, 0 replies; 4+ messages in thread
From: Paul Moore @ 2018-06-19 15:10 UTC (permalink / raw)
To: rgb
Cc: linux-audit, linux-kernel, netdev, netfilter-devel,
linux-security-module, Eric Paris, sgrubb
On Tue, Jun 5, 2018 at 7:22 PM Richard Guy Briggs <rgb@redhat.com> wrote:
>
> Remove comparison of audit_enabled to magic numbers outside of audit.
>
> Related: https://github.com/linux-audit/audit-kernel/issues/86
>
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> ---
> drivers/tty/tty_audit.c | 2 +-
> include/linux/audit.h | 5 ++++-
> include/net/xfrm.h | 2 +-
> kernel/audit.c | 3 ---
> net/netfilter/xt_AUDIT.c | 2 +-
> net/netlabel/netlabel_user.c | 2 +-
> 6 files changed, 8 insertions(+), 8 deletions(-)
Merged, thanks.
> diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c
> index e30aa6b..50f567b 100644
> --- a/drivers/tty/tty_audit.c
> +++ b/drivers/tty/tty_audit.c
> @@ -92,7 +92,7 @@ static void tty_audit_buf_push(struct tty_audit_buf *buf)
> {
> if (buf->valid == 0)
> return;
> - if (audit_enabled == 0) {
> + if (audit_enabled == AUDIT_OFF) {
> buf->valid = 0;
> return;
> }
> diff --git a/include/linux/audit.h b/include/linux/audit.h
> index 69c7847..9334fbe 100644
> --- a/include/linux/audit.h
> +++ b/include/linux/audit.h
> @@ -117,6 +117,9 @@ struct audit_field {
>
> extern void audit_log_session_info(struct audit_buffer *ab);
>
> +#define AUDIT_OFF 0
> +#define AUDIT_ON 1
> +#define AUDIT_LOCKED 2
> #ifdef CONFIG_AUDIT
> /* These are defined in audit.c */
> /* Public API */
> @@ -202,7 +205,7 @@ static inline int audit_log_task_context(struct audit_buffer *ab)
> static inline void audit_log_task_info(struct audit_buffer *ab,
> struct task_struct *tsk)
> { }
> -#define audit_enabled 0
> +#define audit_enabled AUDIT_OFF
> #endif /* CONFIG_AUDIT */
>
> #ifdef CONFIG_AUDIT_COMPAT_GENERIC
> diff --git a/include/net/xfrm.h b/include/net/xfrm.h
> index 7f2e31a..ce995a1 100644
> --- a/include/net/xfrm.h
> +++ b/include/net/xfrm.h
> @@ -734,7 +734,7 @@ static inline struct audit_buffer *xfrm_audit_start(const char *op)
> {
> struct audit_buffer *audit_buf = NULL;
>
> - if (audit_enabled == 0)
> + if (audit_enabled == AUDIT_OFF)
> return NULL;
> audit_buf = audit_log_start(audit_context(), GFP_ATOMIC,
> AUDIT_MAC_IPSEC_EVENT);
> diff --git a/kernel/audit.c b/kernel/audit.c
> index e7478cb..8442c65 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -83,9 +83,6 @@
> #define AUDIT_INITIALIZED 1
> static int audit_initialized;
>
> -#define AUDIT_OFF 0
> -#define AUDIT_ON 1
> -#define AUDIT_LOCKED 2
> u32 audit_enabled = AUDIT_OFF;
> bool audit_ever_enabled = !!AUDIT_OFF;
>
> diff --git a/net/netfilter/xt_AUDIT.c b/net/netfilter/xt_AUDIT.c
> index f368ee6..af883f1 100644
> --- a/net/netfilter/xt_AUDIT.c
> +++ b/net/netfilter/xt_AUDIT.c
> @@ -72,7 +72,7 @@ static bool audit_ip6(struct audit_buffer *ab, struct sk_buff *skb)
> struct audit_buffer *ab;
> int fam = -1;
>
> - if (audit_enabled == 0)
> + if (audit_enabled == AUDIT_OFF)
> goto errout;
> ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT);
> if (ab == NULL)
> diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
> index 2f328af..4676f5b 100644
> --- a/net/netlabel/netlabel_user.c
> +++ b/net/netlabel/netlabel_user.c
> @@ -101,7 +101,7 @@ struct audit_buffer *netlbl_audit_start_common(int type,
> char *secctx;
> u32 secctx_len;
>
> - if (audit_enabled == 0)
> + if (audit_enabled == AUDIT_OFF)
> return NULL;
>
> audit_buf = audit_log_start(audit_context(), GFP_ATOMIC, type);
> --
> 1.8.3.1
>
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-06-19 15:11 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-06-05 23:20 [RFC PATCH ghak86 V1] audit: eliminate audit_enabled magic number comparison Richard Guy Briggs
2018-06-12 20:33 ` Paul Moore
2018-06-12 20:45 ` Richard Guy Briggs
2018-06-19 15:10 ` Paul Moore
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).