diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2012-02-07 16:53:48 -0800 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-09-18 01:00:26 -0700 |
commit | cca080d9b622094831672a136e5ee4f702d116b1 (patch) | |
tree | 7a8238c1c0a0d4de682e0ebb97dc06ab3a18fdb5 /kernel/audit.c | |
parent | e1760bd5ffae8cb98cffb030ee8e631eba28f3d8 (diff) |
userns: Convert audit to work with user namespaces enabled
- Explicitly format uids gids in audit messges in the initial user
namespace. This is safe because auditd is restrected to be in
the initial user namespace.
- Convert audit_sig_uid into a kuid_t.
- Enable building the audit code and user namespaces at the same time.
The net result is that the audit subsystem now uses kuid_t and kgid_t whenever
possible making it almost impossible to confuse a raw uid_t with a kuid_t
preventing bugs.
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric Paris <eparis@redhat.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'kernel/audit.c')
-rw-r--r-- | kernel/audit.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 44a4b13c9f0..511488a7bc7 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -105,7 +105,7 @@ static int audit_backlog_wait_time = 60 * HZ; static int audit_backlog_wait_overflow = 0; /* The identity of the user shutting down the audit system. */ -uid_t audit_sig_uid = -1; +kuid_t audit_sig_uid = INVALID_UID; pid_t audit_sig_pid = -1; u32 audit_sig_sid = 0; @@ -853,7 +853,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) security_release_secctx(ctx, len); return -ENOMEM; } - sig_data->uid = audit_sig_uid; + sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; if (audit_sig_sid) { memcpy(sig_data->ctx, ctx, len); |