The following patch series is intended for the next merge cycle; review
and testing would be welcome. It seems to survive light beating here...
It can also be found in
git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current.git/ audit.b60
Have fun.
Shortlog:
Al Viro (15):
don't reallocate buffer in every audit_sockaddr()
sanitize audit_socketcall
sanitize audit_ipc_obj()
sanitize audit_ipc_set_perm()
sanitize audit_mq_getsetattr()
sanitize audit_mq_notify()
sanitize AUDIT_MQ_SENDRECV
sanitize audit_mq_open()
sanitize audit_fd_pair()
audit_update_lsm_rules() misses the audit_inode_hash[] ones
fixing audit rule ordering mess, part 1
audit rules ordering, part 2
make sure that filterkey of task,always rules is reported
clean up audit_rule_{add,del} a bit
audit: validate comparison operations, store them in sane form
Diffstat:
fs/pipe.c | 7 +-
include/linux/audit.h | 89 +++---
ipc/mqueue.c | 97 +++---
ipc/shm.c | 4 +-
ipc/util.c | 19 +-
kernel/audit.h | 5 +-
kernel/audit_tree.c | 3 +-
kernel/auditfilter.c | 325 ++++++++++----------
kernel/auditsc.c | 691 ++++++++++++++++------------------------
net/socket.c | 13 +-
security/selinux/ss/services.c | 26 +-
security/smack/smack_lsm.c | 6 +-
12 files changed, 557 insertions(+), 728 deletions(-)
On Wed, 2008-12-17 at 05:11 +0000, Al Viro wrote:
> The following patch series is intended for the next merge cycle; review
> and testing would be welcome. It seems to survive light beating here...
>
> It can also be found in
> git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current.git/ audit.b60
You can add my Acked-by or Reviewed-by to all of them except "fixing
audit rule ordering mess, part 1" if you can't find anything better to
do with your time....
-Eric