LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* linux-next: manual merge of the audit tree with the selinux tree
@ 2018-05-15  3:06 Stephen Rothwell
  2018-05-15  3:16 ` Richard Guy Briggs
  0 siblings, 1 reply; 5+ messages in thread
From: Stephen Rothwell @ 2018-05-15  3:06 UTC (permalink / raw)
  To: Paul Moore
  Cc: Linux-Next Mailing List, Linux Kernel Mailing List, Richard Guy Briggs

[-- Attachment #1: Type: text/plain, Size: 2705 bytes --]

Hi Paul,

Today's linux-next merge of the audit tree got a conflict in:

  security/selinux/selinuxfs.c

between commit:

  4195ed425d3c ("audit: normalize MAC_STATUS record")

from the selinux tree and commits:

  cdfb6b341f0f ("audit: use inline function to get audit context")
  d141136f523a ("audit: normalize MAC_POLICY_LOAD record")

from the audit tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc security/selinux/selinuxfs.c
index c0cadbc5f85c,35fd77737c59..000000000000
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@@ -167,13 -167,11 +167,13 @@@ static ssize_t sel_write_enforce(struc
  				      NULL);
  		if (length)
  			goto out;
- 		audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
+ 		audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
 -			"enforcing=%d old_enforcing=%d auid=%u ses=%u",
 +			"enforcing=%d old_enforcing=%d auid=%u ses=%u"
 +			" enabled=%d old-enabled=%d lsm=selinux res=1",
  			new_value, old_value,
  			from_kuid(&init_user_ns, audit_get_loginuid(current)),
 -			audit_get_sessionid(current));
 +			audit_get_sessionid(current),
 +			selinux_enabled, selinux_enabled);
  		enforcing_set(state, new_value);
  		if (new_value)
  			avc_ss_reset(state->avc, 0);
@@@ -303,12 -299,10 +303,12 @@@ static ssize_t sel_write_disable(struc
  		length = selinux_disable(fsi->state);
  		if (length)
  			goto out;
- 		audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
+ 		audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
 -			"selinux=0 auid=%u ses=%u",
 +			"enforcing=%d old_enforcing=%d auid=%u ses=%u"
 +			" enabled=%d old-enabled=%d lsm=selinux res=1",
 +			enforcing, enforcing,
  			from_kuid(&init_user_ns, audit_get_loginuid(current)),
 -			audit_get_sessionid(current));
 +			audit_get_sessionid(current), 0, 1);
  	}
  
  	length = count;
@@@ -581,8 -575,8 +581,8 @@@ static ssize_t sel_write_load(struct fi
  	length = count;
  
  out1:
- 	audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
+ 	audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
 -		"policy loaded auid=%u ses=%u",
 +		"auid=%u ses=%u lsm=selinux res=1",
  		from_kuid(&init_user_ns, audit_get_loginuid(current)),
  		audit_get_sessionid(current));
  out:

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 484 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: linux-next: manual merge of the audit tree with the selinux tree
  2018-05-15  3:06 linux-next: manual merge of the audit tree with the selinux tree Stephen Rothwell
@ 2018-05-15  3:16 ` Richard Guy Briggs
  2018-05-15 20:18   ` Paul Moore
  0 siblings, 1 reply; 5+ messages in thread
From: Richard Guy Briggs @ 2018-05-15  3:16 UTC (permalink / raw)
  To: Stephen Rothwell
  Cc: Paul Moore, Linux-Next Mailing List, Linux Kernel Mailing List

On 2018-05-15 13:06, Stephen Rothwell wrote:
> Hi Paul,
> 
> Today's linux-next merge of the audit tree got a conflict in:
> 
>   security/selinux/selinuxfs.c
> 
> between commit:
> 
>   4195ed425d3c ("audit: normalize MAC_STATUS record")
> 
> from the selinux tree and commits:
> 
>   cdfb6b341f0f ("audit: use inline function to get audit context")
>   d141136f523a ("audit: normalize MAC_POLICY_LOAD record")
> 
> from the audit tree.
> 
> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.

This was expected...  It looks ok.

> -- 
> Cheers,
> Stephen Rothwell
> 
> diff --cc security/selinux/selinuxfs.c
> index c0cadbc5f85c,35fd77737c59..000000000000
> --- a/security/selinux/selinuxfs.c
> +++ b/security/selinux/selinuxfs.c
> @@@ -167,13 -167,11 +167,13 @@@ static ssize_t sel_write_enforce(struc
>   				      NULL);
>   		if (length)
>   			goto out;
> - 		audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
> + 		audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
>  -			"enforcing=%d old_enforcing=%d auid=%u ses=%u",
>  +			"enforcing=%d old_enforcing=%d auid=%u ses=%u"
>  +			" enabled=%d old-enabled=%d lsm=selinux res=1",
>   			new_value, old_value,
>   			from_kuid(&init_user_ns, audit_get_loginuid(current)),
>  -			audit_get_sessionid(current));
>  +			audit_get_sessionid(current),
>  +			selinux_enabled, selinux_enabled);
>   		enforcing_set(state, new_value);
>   		if (new_value)
>   			avc_ss_reset(state->avc, 0);
> @@@ -303,12 -299,10 +303,12 @@@ static ssize_t sel_write_disable(struc
>   		length = selinux_disable(fsi->state);
>   		if (length)
>   			goto out;
> - 		audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
> + 		audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
>  -			"selinux=0 auid=%u ses=%u",
>  +			"enforcing=%d old_enforcing=%d auid=%u ses=%u"
>  +			" enabled=%d old-enabled=%d lsm=selinux res=1",
>  +			enforcing, enforcing,
>   			from_kuid(&init_user_ns, audit_get_loginuid(current)),
>  -			audit_get_sessionid(current));
>  +			audit_get_sessionid(current), 0, 1);
>   	}
>   
>   	length = count;
> @@@ -581,8 -575,8 +581,8 @@@ static ssize_t sel_write_load(struct fi
>   	length = count;
>   
>   out1:
> - 	audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
> + 	audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
>  -		"policy loaded auid=%u ses=%u",
>  +		"auid=%u ses=%u lsm=selinux res=1",
>   		from_kuid(&init_user_ns, audit_get_loginuid(current)),
>   		audit_get_sessionid(current));
>   out:



- RGB

--
Richard Guy Briggs <rgb@redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: linux-next: manual merge of the audit tree with the selinux tree
  2018-05-15  3:16 ` Richard Guy Briggs
@ 2018-05-15 20:18   ` Paul Moore
  0 siblings, 0 replies; 5+ messages in thread
From: Paul Moore @ 2018-05-15 20:18 UTC (permalink / raw)
  To: Richard Guy Briggs
  Cc: Stephen Rothwell, Linux-Next Mailing List, Linux Kernel Mailing List

On Mon, May 14, 2018 at 11:16 PM, Richard Guy Briggs <rgb@redhat.com> wrote:
> On 2018-05-15 13:06, Stephen Rothwell wrote:
>> Hi Paul,
>>
>> Today's linux-next merge of the audit tree got a conflict in:
>>
>>   security/selinux/selinuxfs.c
>>
>> between commit:
>>
>>   4195ed425d3c ("audit: normalize MAC_STATUS record")
>>
>> from the selinux tree and commits:
>>
>>   cdfb6b341f0f ("audit: use inline function to get audit context")
>>   d141136f523a ("audit: normalize MAC_POLICY_LOAD record")
>>
>> from the audit tree.
>>
>> I fixed it up (see below) and can carry the fix as necessary. This
>> is now fixed as far as linux-next is concerned, but any non trivial
>> conflicts should be mentioned to your upstream maintainer when your tree
>> is submitted for merging.  You may also want to consider cooperating
>> with the maintainer of the conflicting tree to minimise any particularly
>> complex conflicts.
>
> This was expected...  It looks ok.

Agreed.  I had to apply the same patch to my testing kernels.

>> --
>> Cheers,
>> Stephen Rothwell
>>
>> diff --cc security/selinux/selinuxfs.c
>> index c0cadbc5f85c,35fd77737c59..000000000000
>> --- a/security/selinux/selinuxfs.c
>> +++ b/security/selinux/selinuxfs.c
>> @@@ -167,13 -167,11 +167,13 @@@ static ssize_t sel_write_enforce(struc
>>                                     NULL);
>>               if (length)
>>                       goto out;
>> -             audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
>> +             audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
>>  -                    "enforcing=%d old_enforcing=%d auid=%u ses=%u",
>>  +                    "enforcing=%d old_enforcing=%d auid=%u ses=%u"
>>  +                    " enabled=%d old-enabled=%d lsm=selinux res=1",
>>                       new_value, old_value,
>>                       from_kuid(&init_user_ns, audit_get_loginuid(current)),
>>  -                    audit_get_sessionid(current));
>>  +                    audit_get_sessionid(current),
>>  +                    selinux_enabled, selinux_enabled);
>>               enforcing_set(state, new_value);
>>               if (new_value)
>>                       avc_ss_reset(state->avc, 0);
>> @@@ -303,12 -299,10 +303,12 @@@ static ssize_t sel_write_disable(struc
>>               length = selinux_disable(fsi->state);
>>               if (length)
>>                       goto out;
>> -             audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
>> +             audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
>>  -                    "selinux=0 auid=%u ses=%u",
>>  +                    "enforcing=%d old_enforcing=%d auid=%u ses=%u"
>>  +                    " enabled=%d old-enabled=%d lsm=selinux res=1",
>>  +                    enforcing, enforcing,
>>                       from_kuid(&init_user_ns, audit_get_loginuid(current)),
>>  -                    audit_get_sessionid(current));
>>  +                    audit_get_sessionid(current), 0, 1);
>>       }
>>
>>       length = count;
>> @@@ -581,8 -575,8 +581,8 @@@ static ssize_t sel_write_load(struct fi
>>       length = count;
>>
>>   out1:
>> -     audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
>> +     audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
>>  -            "policy loaded auid=%u ses=%u",
>>  +            "auid=%u ses=%u lsm=selinux res=1",
>>               from_kuid(&init_user_ns, audit_get_loginuid(current)),
>>               audit_get_sessionid(current));
>>   out:
>
>
>
> - RGB
>
> --
> Richard Guy Briggs <rgb@redhat.com>
> Sr. S/W Engineer, Kernel Security, Base Operating Systems
> Remote, Ottawa, Red Hat Canada
> IRC: rgb, SunRaycer
> Voice: +1.647.777.2635, Internal: (81) 32635



-- 
paul moore
www.paul-moore.com

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: linux-next: manual merge of the audit tree with the selinux tree
  2021-10-05  3:19 Stephen Rothwell
@ 2021-10-05 13:58 ` Paul Moore
  0 siblings, 0 replies; 5+ messages in thread
From: Paul Moore @ 2021-10-05 13:58 UTC (permalink / raw)
  To: Stephen Rothwell
  Cc: Linux Kernel Mailing List, Linux Next Mailing List, Richard Guy Briggs

On Mon, Oct 4, 2021 at 11:19 PM Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> Hi all,
>
> Today's linux-next merge of the audit tree got a conflict in:
>
>   include/uapi/linux/audit.h
>
> between commit:
>
>   5bd2182d58e9 ("audit,io_uring,io-wq: add some basic audit support to io_uring")
>
> from the selinux tree and commit:
>
>   571e5c0efcb2 ("audit: add OPENAT2 record to list "how" info")
>
> from the audit tree.

Thanks Stephen, your fix below is correct and I'll make sure to
mention this to Linus when sending the SELinux and audit trees to him
during the next merge window.

> diff --cc include/uapi/linux/audit.h
> index ecf1edd2affa,afa2472ad5d6..000000000000
> --- a/include/uapi/linux/audit.h
> +++ b/include/uapi/linux/audit.h
> @@@ -118,7 -118,7 +118,8 @@@
>   #define AUDIT_TIME_ADJNTPVAL  1333    /* NTP value adjustment */
>   #define AUDIT_BPF             1334    /* BPF subsystem */
>   #define AUDIT_EVENT_LISTENER  1335    /* Task joined multicast read socket */
>  +#define AUDIT_URINGOP         1336    /* io_uring operation */
> + #define AUDIT_OPENAT2         1337    /* Record showing openat2 how args */
>
>   #define AUDIT_AVC             1400    /* SE Linux avc denial or grant */
>   #define AUDIT_SELINUX_ERR     1401    /* Internal SE Linux Errors */

-- 
paul moore
www.paul-moore.com

^ permalink raw reply	[flat|nested] 5+ messages in thread

* linux-next: manual merge of the audit tree with the selinux tree
@ 2021-10-05  3:19 Stephen Rothwell
  2021-10-05 13:58 ` Paul Moore
  0 siblings, 1 reply; 5+ messages in thread
From: Stephen Rothwell @ 2021-10-05  3:19 UTC (permalink / raw)
  To: Paul Moore
  Cc: Linux Kernel Mailing List, Linux Next Mailing List, Richard Guy Briggs

[-- Attachment #1: Type: text/plain, Size: 1378 bytes --]

Hi all,

Today's linux-next merge of the audit tree got a conflict in:

  include/uapi/linux/audit.h

between commit:

  5bd2182d58e9 ("audit,io_uring,io-wq: add some basic audit support to io_uring")

from the selinux tree and commit:

  571e5c0efcb2 ("audit: add OPENAT2 record to list "how" info")

from the audit tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc include/uapi/linux/audit.h
index ecf1edd2affa,afa2472ad5d6..000000000000
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@@ -118,7 -118,7 +118,8 @@@
  #define AUDIT_TIME_ADJNTPVAL	1333	/* NTP value adjustment */
  #define AUDIT_BPF		1334	/* BPF subsystem */
  #define AUDIT_EVENT_LISTENER	1335	/* Task joined multicast read socket */
 +#define AUDIT_URINGOP		1336	/* io_uring operation */
+ #define AUDIT_OPENAT2		1337	/* Record showing openat2 how args */
  
  #define AUDIT_AVC		1400	/* SE Linux avc denial or grant */
  #define AUDIT_SELINUX_ERR	1401	/* Internal SE Linux Errors */

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2021-10-05 14:05 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-15  3:06 linux-next: manual merge of the audit tree with the selinux tree Stephen Rothwell
2018-05-15  3:16 ` Richard Guy Briggs
2018-05-15 20:18   ` Paul Moore
2021-10-05  3:19 Stephen Rothwell
2021-10-05 13:58 ` Paul Moore

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).