| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1494511203-8397-2-git-send-email-guilherme.magalhaes@hpe.com>
Date: Thu, 11 May 2017 10:59:53 -0300
From: Guilherme Magalhaes <guilherme.magalhaes@....com>
To: dmitry.kasatkin@...il.com, zohar@...ux.vnet.ibm.com
Cc: viro@...iv.linux.org.uk, james.l.morris@...cle.com,
serge@...lyn.com, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org,
linux-ima-devel@...ts.sourceforge.net,
linux-ima-user@...ts.sourceforge.net,
linux-security-module@...r.kernel.org, tycho@...ker.com,
joaquims@....com, nigel.edwards@....com,
Guilherme Magalhaes <guilherme.magalhaes@....com>
Subject: [RFC 01/11] ima: qualify pathname in audit info record
Adding new field (mount namespace id, along with already existent file
inode and device name) to uniquely identify a pathname considering
different mount namespaces. The file inode on a given device is unique
and these fields are required to identify a namespace id since this
id can be released and later reused by a different namespace.
Signed-off-by: Guilherme Magalhaes <guilherme.magalhaes@....com>
---
security/integrity/integrity_audit.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/security/integrity/integrity_audit.c b/security/integrity/integrity_audit.c
index 90987d1..e675e42 100644
--- a/security/integrity/integrity_audit.c
+++ b/security/integrity/integrity_audit.c
@@ -13,6 +13,7 @@
#include <linux/fs.h>
#include <linux/gfp.h>
#include <linux/audit.h>
+#include <linux/proc_ns.h>
#include "integrity.h"
static int integrity_audit_info;
@@ -52,8 +53,12 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode,
audit_log_format(ab, " comm=");
audit_log_untrustedstring(ab, get_task_comm(name, current));
if (fname) {
+ struct ns_common *ns;
audit_log_format(ab, " name=");
audit_log_untrustedstring(ab, fname);
+ ns = mntns_operations.get(current);
+ audit_log_format(ab, " mnt_ns=%u", ns->inum);
+ mntns_operations.put(ns);
}
if (inode) {
audit_log_format(ab, " dev=");
--
2.7.4
Powered by blists - more mailing lists