Re: linux-next: manual merge of the audit tree with the selinux tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, May 14, 2018 at 11:16 PM, Richard Guy Briggs <rgb@xxxxxxxxxx> wrote:
> On 2018-05-15 13:06, Stephen Rothwell wrote:
>> Hi Paul,
>>
>> Today's linux-next merge of the audit tree got a conflict in:
>>
>>   security/selinux/selinuxfs.c
>>
>> between commit:
>>
>>   4195ed425d3c ("audit: normalize MAC_STATUS record")
>>
>> from the selinux tree and commits:
>>
>>   cdfb6b341f0f ("audit: use inline function to get audit context")
>>   d141136f523a ("audit: normalize MAC_POLICY_LOAD record")
>>
>> from the audit tree.
>>
>> I fixed it up (see below) and can carry the fix as necessary. This
>> is now fixed as far as linux-next is concerned, but any non trivial
>> conflicts should be mentioned to your upstream maintainer when your tree
>> is submitted for merging.  You may also want to consider cooperating
>> with the maintainer of the conflicting tree to minimise any particularly
>> complex conflicts.
>
> This was expected...  It looks ok.

Agreed.  I had to apply the same patch to my testing kernels.

>> --
>> Cheers,
>> Stephen Rothwell
>>
>> diff --cc security/selinux/selinuxfs.c
>> index c0cadbc5f85c,35fd77737c59..000000000000
>> --- a/security/selinux/selinuxfs.c
>> +++ b/security/selinux/selinuxfs.c
>> @@@ -167,13 -167,11 +167,13 @@@ static ssize_t sel_write_enforce(struc
>>                                     NULL);
>>               if (length)
>>                       goto out;
>> -             audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
>> +             audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
>>  -                    "enforcing=%d old_enforcing=%d auid=%u ses=%u",
>>  +                    "enforcing=%d old_enforcing=%d auid=%u ses=%u"
>>  +                    " enabled=%d old-enabled=%d lsm=selinux res=1",
>>                       new_value, old_value,
>>                       from_kuid(&init_user_ns, audit_get_loginuid(current)),
>>  -                    audit_get_sessionid(current));
>>  +                    audit_get_sessionid(current),
>>  +                    selinux_enabled, selinux_enabled);
>>               enforcing_set(state, new_value);
>>               if (new_value)
>>                       avc_ss_reset(state->avc, 0);
>> @@@ -303,12 -299,10 +303,12 @@@ static ssize_t sel_write_disable(struc
>>               length = selinux_disable(fsi->state);
>>               if (length)
>>                       goto out;
>> -             audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
>> +             audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_STATUS,
>>  -                    "selinux=0 auid=%u ses=%u",
>>  +                    "enforcing=%d old_enforcing=%d auid=%u ses=%u"
>>  +                    " enabled=%d old-enabled=%d lsm=selinux res=1",
>>  +                    enforcing, enforcing,
>>                       from_kuid(&init_user_ns, audit_get_loginuid(current)),
>>  -                    audit_get_sessionid(current));
>>  +                    audit_get_sessionid(current), 0, 1);
>>       }
>>
>>       length = count;
>> @@@ -581,8 -575,8 +581,8 @@@ static ssize_t sel_write_load(struct fi
>>       length = count;
>>
>>   out1:
>> -     audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
>> +     audit_log(audit_context(), GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
>>  -            "policy loaded auid=%u ses=%u",
>>  +            "auid=%u ses=%u lsm=selinux res=1",
>>               from_kuid(&init_user_ns, audit_get_loginuid(current)),
>>               audit_get_sessionid(current));
>>   out:
>
>
>
> - RGB
>
> --
> Richard Guy Briggs <rgb@xxxxxxxxxx>
> Sr. S/W Engineer, Kernel Security, Base Operating Systems
> Remote, Ottawa, Red Hat Canada
> IRC: rgb, SunRaycer
> Voice: +1.647.777.2635, Internal: (81) 32635



-- 
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line "unsubscribe linux-next" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Kernel]     [Linux USB Development]     [Yosemite News]     [Linux SCSI]

  Powered by Linux