[systemd-devel] [PATCH 2/2] kdbus: do the audit loginuid translation as late as possible

Djalal Harouni tixxdz at opendz.org
Wed Aug 20 08:58:57 PDT 2014


Do the namespace translation just before pushing into the receiver's
slice, so we map to the receiver's user namespace.

Patch tested.

Signed-off-by: Djalal Harouni <tixxdz at opendz.org>
---
 connection.c | 37 +++++++++++++++++++++++++++++++++++++
 metadata.c   |  3 +++
 metadata.h   |  4 ++++
 3 files changed, 44 insertions(+)

diff --git a/connection.c b/connection.c
index 9250dab..283a3fc 100644
--- a/connection.c
+++ b/connection.c
@@ -10,6 +10,7 @@
  * your option) any later version.
  */
 
+#include <linux/audit.h>
 #include <linux/device.h>
 #include <linux/file.h>
 #include <linux/fs.h>
@@ -67,6 +68,9 @@ struct kdbus_conn_reply;
  * @auxgrp_item_offset:	The offset of the auxgrp item inside the slice, if
  *			the user requested this metainfo in its attach flags.
  *			0 if unused.
+ * @audit_item_offset:	The offset of the audit item inside the slice, if
+ *			the user requested this metainfo in its attach flags.
+ *			0 if unused.
  * @uid:		The UID to patch into the final message
  * @gid:		The GID to patch into the final message
  * @pid:		The PID to patch into the final message
@@ -75,6 +79,8 @@ struct kdbus_conn_reply;
  * 			This information is translated into the user's
  * 			namespace when the message is installed.
  * @auxgroup_count:	The number of items in @auxgrps.
+ * @loginuid:		The audit login uid to patch into the final
+ *			message
  */
 struct kdbus_conn_queue {
 	struct list_head entry;
@@ -95,6 +101,7 @@ struct kdbus_conn_queue {
 	int user;
 	off_t creds_item_offset;
 	off_t auxgrp_item_offset;
+	off_t audit_item_offset;
 
 	/* to honor namespaces, we have to store the following here */
 	kuid_t uid;
@@ -104,6 +111,8 @@ struct kdbus_conn_queue {
 
 	kgid_t *auxgrps;
 	unsigned int auxgrps_count;
+
+	kuid_t loginuid;
 };
 
 /**
@@ -676,6 +685,12 @@ static int kdbus_conn_queue_alloc(struct kdbus_conn *conn,
 						    meta->auxgrps_item_off;
 		}
 
+		if (meta->attached & KDBUS_ATTACH_AUDIT) {
+			queue->loginuid = audit_get_loginuid(current);
+			queue->audit_item_offset = meta_off +
+						   meta->audit_item_off;
+		}
+
 		ret = kdbus_pool_slice_copy(queue->slice, meta_off,
 					    kmsg->meta->data,
 					    kmsg->meta->size);
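Review bot: The new block at `queue->loginuid = audit_get_loginuid(current);` snapshots the loginuid from whichever task is running kdbus_conn_queue_alloc, while the rest of the item (kmsg->meta) was assembled earlier; that is only correct if this function always runs in the sender's context, which the hunk does not show. A short why-comment would make the intent explicit, e.g. `/* snapshot the sender's loginuid here; it is mapped into the receiver's user namespace at install time */`. Setting `audit_item_offset` only under `meta->attached & KDBUS_ATTACH_AUDIT` also appears to rely on the queue being zero-initialised so that 0 means "unused" in kdbus_conn_msg_install — worth confirming against the allocation, which is outside the hunk. kdbus_conn_queue_alloc starts and ends outside this hunk.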
@@ -983,6 +998,22 @@ static int kdbus_conn_creds_install(struct kdbus_conn_queue *queue)
 	return ret;
 }
 
+static int kdbus_conn_audit_install(struct kdbus_conn_queue *queue)
+{
+	int ret;
+	u64 loginuid;
+	off_t off = queue->audit_item_offset +
+		    offsetof(struct kdbus_item, audit) +
+		    offsetof(struct kdbus_audit, loginuid);
+
+	loginuid = from_kuid_munged(current_user_ns(), queue->loginuid);
+
+	ret = kdbus_pool_slice_copy_user(queue->slice, off,
+					 &loginuid, sizeof(loginuid));
+
+	return ret;
+}
+
 static int kdbus_conn_msg_install(struct kdbus_conn_queue *queue)
 {
 	int *memfds = NULL;
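Review bot: In kdbus_conn_audit_install the local `ret` only forwards the result of kdbus_pool_slice_copy_user; the function would be clearer as `return kdbus_pool_slice_copy_user(queue->slice, off, &loginuid, sizeof(loginuid));`, dropping the `int ret;` declaration. The function also has no kernel-doc header although its siblings appear to (the `/**` block above kdbus_conn_queue is visible); a header stating that it rewrites only the loginuid field of the already-copied audit item, translated via `from_kuid_munged(current_user_ns(), ...)` in the installing task's namespace, would help the next reader. One behavioural point to confirm: `from_kuid_munged` maps a kuid that is invalid or unmappable in the receiver's namespace to the overflow uid, so a sender with no loginuid set will be reported as the overflow uid rather than as whatever the old metadata.c path emitted; if callers rely on a distinct "unset" value that should be preserved here. `u64 loginuid` is written with `sizeof(loginuid)`, so it must match the width of `struct kdbus_audit.loginuid`, which is not visible in this patch.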
@@ -1036,6 +1067,12 @@ static int kdbus_conn_msg_install(struct kdbus_conn_queue *queue)
 			goto exit_rewind_fds;
 	}
 
+	if (queue->audit_item_offset) {
+		ret = kdbus_conn_audit_install(queue);
+		if (ret < 0)
+			goto exit_rewind_fds;
+	}
+
 	kfree(fds);
 	kfree(memfds);
 	kdbus_pool_slice_flush(queue->slice);
diff --git a/metadata.c b/metadata.c
index 934aa62..dabc614 100644
--- a/metadata.c
+++ b/metadata.c
@@ -119,6 +119,9 @@ kdbus_meta_append_item(struct kdbus_meta *meta, u64 type, size_t payload_size)
 	case KDBUS_ITEM_AUXGROUPS:
 		meta->auxgrps_item_off = meta->size;
 		break;
+	case KDBUS_ITEM_AUDIT:
+		meta->audit_item_off = meta->size;
+		break;
 	}
 
 	meta->size += extra_size;
diff --git a/metadata.h b/metadata.h
index 1bdb537..ea77783 100644
--- a/metadata.h
+++ b/metadata.h
@@ -26,6 +26,9 @@
  * @auxgrps_item_off	The offset of the auxgroups item in the
  *			@data buffer field, if the user requested
  *			this metainfo. 0 if unused.
+ * @audit_item_off	The offset of the audit item in the @data
+ *			buffer field, if the user requested this
+ *			metainfo. 0 if unused.
  *
  * Used to collect and store connection metadata in a pre-compiled
  * buffer containing struct kdbus_item.
@@ -39,6 +42,7 @@ struct kdbus_meta {
 
 	off_t creds_item_off;
 	off_t auxgrps_item_off;
+	off_t audit_item_off;
 };
 
 struct kdbus_conn;
-- 
1.9.3


