linux-next: manual merge of the audit tree with Linus' tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Eric,

Today's linux-next merge of the audit tree got a conflict in
kernel/audit.c between commit aa4af831bb4f ("AUDIT: Allow login in
non-init namespaces") from Linus' tree and commit 5a3cb3b6c3a0 ("audit:
allow user processes to log from another PID namespace") from the audit
tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

[Eric: that audit tree commit has no Signed-off-by from you even though
you committed it ... there are a few like that]
-- 
Cheers,
Stephen Rothwell                    sfr@xxxxxxxxxxxxxxxx

diff --cc kernel/audit.c
index 95a20f3f52f1,ad77d1e80895..000000000000
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@@ -607,20 -607,9 +607,19 @@@ static int audit_netlink_ok(struct sk_b
  {
  	int err = 0;
  
- 	/* Only support the initial namespaces for now. */
+ 	/* Only support initial user namespace for now. */
 +	/*
 +	 * We return ECONNREFUSED because it tricks userspace into thinking
 +	 * that audit was not configured into the kernel.  Lots of users
 +	 * configure their PAM stack (because that's what the distro does)
 +	 * to reject login if unable to send messages to audit.  If we return
 +	 * ECONNREFUSED the PAM stack thinks the kernel does not have audit
 +	 * configured in and will let login proceed.  If we return EPERM
 +	 * userspace will reject all logins.  This should be removed when we
 +	 * support non init namespaces!!
 +	 */
- 	if ((current_user_ns() != &init_user_ns) ||
- 	    (task_active_pid_ns(current) != &init_pid_ns))
+ 	if ((current_user_ns() != &init_user_ns))
 -		return -EPERM;
 +		return -ECONNREFUSED;
  
  	switch (msg_type) {
  	case AUDIT_LIST:

Attachment: pgp38vSuRHWrV.pgp
Description: PGP signature


[Index of Archives]     [Linux Kernel]     [Linux USB Development]     [Yosemite News]     [Linux SCSI]

  Powered by Linux