Diffstat (limited to 'meta-openembedded/meta-oe/recipes-security/audit')
-rw-r--r-- | meta-openembedded/meta-oe/recipes-security/audit/audit/0001-flush-uid-gid-caches-when-user-group-added-deleted-m.patch | 132 | ||||
-rw-r--r-- | meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.5.bb (renamed from meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.4.bb) | 3 |
2 files changed, 1 insertions, 134 deletions
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-flush-uid-gid-caches-when-user-group-added-deleted-m.patch b/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-flush-uid-gid-caches-when-user-group-added-deleted-m.patch
deleted file mode 100644
index e55093d1ad..0000000000
--- a/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-flush-uid-gid-caches-when-user-group-added-deleted-m.patch
+++ /dev/null
@@ -1,132 +0,0 @@ -From 759318f11352d01b45bbab62c7bf0a53fb781083 Mon Sep 17 00:00:00 2001 -From: Steve Grubb <sgrubb@redhat.com> -Date: Tue, 10 Aug 2021 11:27:16 -0400 -Subject: [PATCH] flush uid/gid caches when user/group added/deleted/modified - -It was reported in issue #209 that in the enriched format that auditd -is creating the wrong account associations. This is due to caching -previous lookups. The fix is to monitor for account lifecycle changes -and flush the LRUs if any are seen. - -Upstream-Status: Backport -[https://github.com/linux-audit/audit-userspace/commit/8662f61108f8b9365f96ef49ca8ca331a7880f24] - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - auparse/auparse-idata.h | 3 ++- - auparse/interpret.c | 12 ++++++++++++ - src/auditd-event.c | 27 +++++++++++++++++++++++++-- - 3 files changed, 39 insertions(+), 3 deletions(-) - -diff --git a/auparse/auparse-idata.h b/auparse/auparse-idata.h -index 660901a..eaca86a 100644 ---- a/auparse/auparse-idata.h -+++ b/auparse/auparse-idata.h -@@ -1,6 +1,6 @@ - /* - * idata.h - Header file for ausearch-lookup.c --* Copyright (c) 2013,2016-17 Red Hat Inc., Durham, North Carolina. -+* Copyright (c) 2013,2016-17,2021 Red Hat Inc. - * All Rights Reserved. 
- * - * This library is free software; you can redistribute it and/or -@@ -45,6 +45,7 @@ char *auparse_do_interpretation(int type, const idata *id, - void _auparse_load_interpretations(const char *buf); - void _auparse_free_interpretations(void); - const char *_auparse_lookup_interpretation(const char *name); -+void _auparse_flush_caches(void); - - #endif - -diff --git a/auparse/interpret.c b/auparse/interpret.c -index 046867b..eef377a 100644 ---- a/auparse/interpret.c -+++ b/auparse/interpret.c -@@ -653,6 +653,18 @@ void aulookup_destroy_gid_list(void) - gid_cache_created = 0; - } - -+void _auparse_flush_caches(void) -+{ -+ if (uid_cache_created) { -+ destroy_lru(uid_cache); -+ uid_cache_created = 0; -+ } -+ if (gid_cache_created) { -+ destroy_lru(gid_cache); -+ gid_cache_created = 0; -+ } -+} -+ - static const char *print_uid(const char *val, unsigned int base) - { - int uid; -diff --git a/src/auditd-event.c b/src/auditd-event.c -index cb29fee..3655726 100644 ---- a/src/auditd-event.c -+++ b/src/auditd-event.c -@@ -42,6 +42,7 @@ - #include "libaudit.h" - #include "private.h" - #include "auparse.h" -+#include "auparse-idata.h" - - /* This is defined in auditd.c */ - extern volatile int stop; -@@ -56,7 +57,7 @@ static void do_space_left_action(int admin); - static void do_disk_full_action(void); - static void do_disk_error_action(const char *func, int err); - static void fix_disk_permissions(void); --static void check_excess_logs(void); -+static void check_excess_logs(void); - static void rotate_logs_now(void); - static void rotate_logs(unsigned int num_logs, unsigned int keep_logs); - static void shift_logs(void); -@@ -394,7 +395,7 @@ static const char *format_enrich(const struct audit_reply *rep) - snprintf(format_buf, MAX_AUDIT_MESSAGE_LENGTH, - "type=DAEMON_ERR op=format-enriched msg=NULL res=failed"); - } else { -- int rc; -+ int rc, rtype; - size_t mlen, len; - char *message; - // Do raw format to get event started -@@ -427,6 +428,17 @@ static const char 
*format_enrich(const struct audit_reply *rep) - - // Loop over all fields while possible to add field - rc = auparse_first_record(au); -+ rtype = auparse_get_type(au); -+ switch (rtype) -+ { // Flush before adding to pickup new associations -+ case AUDIT_ADD_USER: -+ case AUDIT_ADD_GROUP: -+ _auparse_flush_caches(); -+ break; -+ default: -+ break; -+ } -+ - while (rc > 0 && len > MIN_SPACE_LEFT) { - // See what kind of field we have - size_t vlen; -@@ -454,6 +466,17 @@ static const char *format_enrich(const struct audit_reply *rep) - rc = auparse_next_field(au); - } - -+ switch(rtype) -+ { // Flush after modification to remove stale entries -+ case AUDIT_USER_MGMT: -+ case AUDIT_DEL_USER: -+ case AUDIT_DEL_GROUP: -+ case AUDIT_GRP_MGMT: -+ _auparse_flush_caches(); -+ break; -+ default: -+ break; -+ } - free(message); - } - return format_buf; --- -2.17.1 - diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.4.bb b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.5.bb index db550492e5..173c2cab11 100644 --- a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.4.bb +++ b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.5.bb @@ -9,14 +9,13 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master \ file://Fixed-swig-host-contamination-issue.patch \ - file://0001-flush-uid-gid-caches-when-user-group-added-deleted-m.patch \ file://auditd \ file://auditd.service \ file://audit-volatile.conf \ " S = "${WORKDIR}/git" -SRCREV = "86a975cd96c3838e56be9d27262f8a36bb822634" +SRCREV = "c382a4925a7d0d1b332a2f4e689c71d71b0005a5" inherit autotools python3native update-rc.d systemd |
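Review bot: Dropping `file://0001-flush-uid-gid-caches-when-user-group-added-deleted-m.patch` from SRC_URI in audit_3.0.5.bb is only correct if the new SRCREV `c382a4925a7d0d1b332a2f4e689c71d71b0005a5` already contains the upstream change the patch backported (commit 8662f61108f8b9365f96ef49ca8ca331a7880f24 per the deleted patch's Upstream-Status line); nothing in the hunk shows that, so it should be verified and stated in the commit description. Without that fix, auditd's enriched log format can keep stale uid/gid cache entries and attribute events to the wrong account after user/group lifecycle changes, which is exactly the behaviour the removed patch corrected. As a smaller point, the unchanged SRC_URI line fetches with `git://github.com/...;branch=master`; the pinned full SRCREV covers integrity, but the meta-openembedded convention is an explicit transport, e.g. `git://github.com/linux-audit/${BPN}-userspace.git;branch=master;protocol=https`.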