mirror/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
4b3e4ed6b0d958d7fb2f160bb8ebfb4f0db19382
linux/kernel
History
Richard Guy Briggs 4b3e4ed6b0 audit: unswing cap_* fields in PATH records 
The cap_* fields swing in and out of PATH records.
If no capabilities are set, the cap_* fields are completely missing and when
one of the cap_fi or cap_fp values is empty, that field is omitted.

Original:
type=PATH msg=audit(04/20/2017 12:17:11.222:193) : item=1 name=/lib64/ld-linux-x86-64.so.2 inode=787694 dev=08:03 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL
type=PATH msg=audit(04/20/2017 12:17:11.222:193) : item=0 name=/home/sleep inode=1319469 dev=08:03 mode=file,suid,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=NORMAL cap_fp=sys_admin cap_fe=1 cap_fver=2

Normalize the PATH record by always printing all 4 cap_* fields.

Fixed:
type=PATH msg=audit(04/20/2017 13:01:31.679:201) : item=1 name=/lib64/ld-linux-x86-64.so.2 inode=787694 dev=08:03 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
type=PATH msg=audit(04/20/2017 13:01:31.679:201) : item=0 name=/home/sleep inode=1319469 dev=08:03 mode=file,suid,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=NORMAL cap_fp=sys_admin cap_fi=none cap_fe=1 cap_fver=2

See: https://github.com/linux-audit/audit-kernel/issues/42

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2017-05-23 16:50:02 -04:00
..
bpf
bpf: fix checking xdp_adjust_head on tail calls
2017-04-17 15:51:57 -04:00
cgroup
Merge branch 'for-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
2017-04-16 11:48:10 -07:00
configs
config: android-base: enable hardened usercopy and kernel ASLR
2017-02-27 18:43:46 -08:00
debug
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/debug.h>
2017-03-02 08:42:34 +01:00
events
Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2017-03-17 13:59:52 -07:00
gcov
gcov: add support for gcc version >= 6
2016-07-15 14:54:27 +09:00
irq
genirq/affinity: Fix calculating vectors to assign
2017-04-20 16:03:09 +02:00
livepatch
livepatch/module: make TAINT_LIVEPATCH module-specific
2016-08-26 14:42:08 +02:00
locking
sparc64: Use LOCKDEP_SMALL, not PROVE_LOCKING_SMALL
2017-04-18 13:11:07 -07:00
power
Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2017-03-03 10:16:38 -08:00
printk
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h>
2017-03-02 08:42:36 +01:00
rcu
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/debug.h>
2017-03-02 08:42:34 +01:00
sched
sched/cputime: Fix ksoftirqd cputime accounting regression
2017-04-27 09:08:26 +02:00
time
Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2017-03-07 14:45:22 -08:00
trace
ring-buffer: Have ring_buffer_iter_empty() return true when empty
2017-04-19 21:23:47 -04:00
.gitignore
acct.c
sched/headers: Prepare to move cputime functionality from <linux/sched.h> into <linux/sched/cputime.h>
2017-03-02 08:42:39 +01:00
async.c
audit_fsnotify.c
audit: remove unnecessary semicolon in audit_mark_handle_event()
2017-05-02 10:16:04 -04:00
audit_tree.c
audit: convert audit_tree.count from atomic_t to refcount_t
2017-05-02 10:16:04 -04:00
audit_watch.c
audit: convert audit_watch.count from atomic_t to refcount_t
2017-05-02 10:16:05 -04:00
audit.c
audit: unswing cap_* fields in PATH records
2017-05-23 16:50:02 -04:00
audit.h
audit: Use timespec64 to represent audit timestamps
2017-05-02 10:16:05 -04:00
auditfilter.c
audit: kernel generated netlink traffic should have a portid of 0
2017-05-02 10:16:05 -04:00
auditsc.c
audit: Use timespec64 to represent audit timestamps
2017-05-02 10:16:05 -04:00
backtracetest.c
bounds.c
capability.c
capability: export has_capability
2017-01-12 07:01:56 -07:00
compat.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
configs.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
context_tracking.c
cpu_pm.c
cpu.c
cpu/hotplug: Serialize callback invocations proper
2017-03-14 19:19:27 +01:00
crash_dump.c
cred.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/coredump.h>
2017-03-02 08:42:28 +01:00
delayacct.c
sched/headers: Prepare to move cputime functionality from <linux/sched.h> into <linux/sched/cputime.h>
2017-03-02 08:42:39 +01:00
dma.c
elfcore.c
exec_domain.c
exit.c
userfaultfd: non-cooperative: rollback userfaultfd_exit
2017-03-09 17:01:09 -08:00
extable.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2017-02-22 10:15:09 -08:00
fork.c
sched/headers, RCU: Move rcu_copy_process() from <linux/sched/task.h> to kernel/fork.c
2017-03-03 01:43:46 +01:00
freezer.c
freezer, oom: check TIF_MEMDIE on the correct task
2016-07-28 16:07:41 -07:00
futex_compat.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
futex.c
futex: Add missing error handling to FUTEX_REQUEUE_PI
2017-03-14 21:45:36 +01:00
groups.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
hung_task.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/debug.h>
2017-03-02 08:42:34 +01:00
irq_work.c
jump_label.c
Merge tag 'trace-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
2017-02-27 13:26:17 -08:00
kallsyms.c
bpf: make jited programs visible in traces
2017-02-17 13:40:05 -05:00
kcmp.c
Kconfig.freezer
Kconfig.hz
Kconfig.locks
locking/mutex: Allow MUTEX_SPIN_ON_OWNER when DEBUG_MUTEXES
2016-10-25 11:31:51 +02:00
Kconfig.preempt
kcov.c
kcov: make kcov work properly with KASLR enabled
2016-12-20 09:48:47 -08:00
kexec_core.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk
2017-02-22 17:33:34 -08:00
kexec_file.c
kexec, x86/purgatory: Unbreak it and clean it up
2017-03-10 20:55:09 +01:00
kexec_internal.h
kexec, x86/purgatory: Unbreak it and clean it up
2017-03-10 20:55:09 +01:00
kexec.c
kexec: allow architectures to override boot mapping
2016-08-02 19:35:27 -04:00
kmod.c
sched/headers, vfs/execve: Prepare to move the do_execve*() prototypes from <linux/sched.h> to <linux/binfmts.h>
2017-03-02 08:42:39 +01:00
kprobes.c
Merge tag 'powerpc-4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
2017-02-22 10:30:38 -08:00
ksysfs.c
kernel/ksysfs.c: add __ro_after_init to bin_attribute structure
2017-02-24 17:46:56 -08:00
kthread.c
cgroup, kthread: close race window where new kthreads can be migrated to non-root cgroups
2017-03-17 10:18:47 -04:00
latencytop.c
sched/headers: Prepare to move sched_info_on() and force_schedstat_enabled() from <linux/sched.h> to <linux/sched/stat.h>
2017-03-02 08:42:39 +01:00
Makefile
cgroup: move cgroup files under kernel/cgroup/
2016-12-27 14:49:05 -05:00
membarrier.c
Fix: Disable sys_membarrier when nohz_full is enabled
2017-01-23 11:32:16 -08:00
memremap.c
mm: add private lock to serialize memory hotplug operations
2017-03-16 16:56:18 -07:00
module_signing.c
module-internal.h
module.c
audit: log module name on delete_module
2017-05-02 10:16:04 -04:00
notifier.c
kernel/notifier.c: simplify expression
2017-02-24 17:46:56 -08:00
nsproxy.c
padata.c
padata: avoid race in reordering
2017-03-24 21:51:33 +08:00
panic.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/debug.h>
2017-03-02 08:42:34 +01:00
params.c
pid_namespace.c
sched/headers: Prepare for the reduction of <linux/sched.h>'s signal API dependency
2017-03-02 08:42:37 +01:00
pid.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task.h>
2017-03-02 08:42:35 +01:00
profile.c
sched/headers: Prepare to move sched_info_on() and force_schedstat_enabled() from <linux/sched.h> to <linux/sched/stat.h>
2017-03-02 08:42:39 +01:00
ptrace.c
ptrace: fix PTRACE_LISTEN race corrupting task->state
2017-04-08 00:47:48 -07:00
range.c
reboot.c
relay.c
lib/vsprintf.c: remove %Z support
2017-02-27 18:43:47 -08:00
resource.c
seccomp.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h>
2017-03-02 08:42:36 +01:00
signal.c
sched/headers: Prepare to move cputime functionality from <linux/sched.h> into <linux/sched/cputime.h>
2017-03-02 08:42:39 +01:00
smp.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/idle.h>
2017-03-02 08:42:26 +01:00
smpboot.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task.h>
2017-03-02 08:42:35 +01:00
smpboot.h
softirq.c
softirq: Display IRQ_POLL for irq-poll statistics
2016-10-21 15:45:47 -06:00
stacktrace.c
stacktrace, lockdep: Fix address, newline ugliness
2017-02-08 08:21:31 +01:00
stop_machine.c
locking/core, stop_machine: Yield the CPU during stop machine()
2016-11-16 10:15:09 +01:00
sys_ni.c
move aio compat to fs/aio.c
2016-12-22 22:58:37 -05:00
sys.c
sched/headers: Prepare to move cputime functionality from <linux/sched.h> into <linux/sched/cputime.h>
2017-03-02 08:42:39 +01:00
sysctl_binary.c
sysctl: add KERN_CONT to deprecated_sysctl_warning()
2016-12-14 16:04:07 -08:00
sysctl.c
sysctl: report EINVAL if value is larger than UINT_MAX for proc_douintvec
2017-04-08 10:27:40 -07:00
task_work.c
task_work: use READ_ONCE/lockless_dereference, avoid pi_lock if !task_works
2016-08-02 19:35:02 -04:00
taskstats.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2016-11-15 10:54:36 -05:00
test_kprobes.c
torture.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/clock.h>
2017-03-02 08:42:27 +01:00
tracepoint.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task.h>
2017-03-02 08:42:35 +01:00
tsacct.c
sched/headers: Prepare to move cputime functionality from <linux/sched.h> into <linux/sched/cputime.h>
2017-03-02 08:42:39 +01:00
ucount.c
ucount: Remove the atomicity from ucount->count
2017-03-06 15:26:37 -06:00
uid16.c
sched/headers: Prepare to remove <linux/cred.h> inclusion from <linux/sched.h>
2017-03-02 08:42:31 +01:00
up.c
smp: Add function to execute a function synchronously on a CPU
2016-09-05 13:52:39 +02:00
user_namespace.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h>
2017-03-02 08:42:29 +01:00
user-return-notifier.c
user.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/user.h>
2017-03-02 08:42:29 +01:00
utsname_sysctl.c
sched/headers: Remove <linux/rwsem.h> from <linux/sched.h>
2017-03-03 01:45:36 +01:00
utsname.c
sched/headers: Prepare to move the task_lock()/unlock() APIs to <linux/sched/task.h>
2017-03-02 08:42:38 +01:00
watchdog_hld.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/debug.h>
2017-03-02 08:42:34 +01:00
watchdog.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/debug.h>
2017-03-02 08:42:34 +01:00
workqueue_internal.h
workqueue.c
workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq
2017-03-06 15:33:42 -05:00