author | 2011-11-13 18:02:14 -0500 | |
---|---|---|
committer | 2011-11-13 18:02:14 -0500 | |
commit | f1a054e63fd3b928f7c0417486a7523d2460d8c5 (patch) | |
tree | 7729a2fc2e6a073561cae312549ce0675432e33c /3.0.8/4440_selinux-avc_audit-log-curr_ip.patch | |
parent | Ignore hardened-rsbac-patches tarballs (diff) | |
EOL 3.0.8|Grsec/PaX: 2.2.2-{2.6.32.48,3.0.9}-20111112131020111112
Diffstat (limited to '3.0.8/4440_selinux-avc_audit-log-curr_ip.patch')
-rw-r--r-- | 3.0.8/4440_selinux-avc_audit-log-curr_ip.patch | 73 |
1 files changed, 0 insertions, 73 deletions
diff --git a/3.0.8/4440_selinux-avc_audit-log-curr_ip.patch b/3.0.8/4440_selinux-avc_audit-log-curr_ip.patch
deleted file mode 100644
index 0fd5d2d..0000000
--- a/3.0.8/4440_selinux-avc_audit-log-curr_ip.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From: Anthony G. Basile <blueness@gentoo.org>
-
-Removed deprecated NIPQUAD macro in favor of %pI4.
-See bug #346333.
-
----
-From: Gordon Malm <gengor@gentoo.org>
-
-This is a reworked version of the original
-*_selinux-avc_audit-log-curr_ip.patch carried in earlier releases of
-hardened-sources.
-
-Dropping the patch, or simply fixing the #ifdef of the original patch
-could break automated logging setups so this route was necessary.
-
-Suggestions for improving the help text are welcome.
-
-The original patch's description is still accurate and included below.
-
----
-Provides support for a new field ipaddr within the SELinux
-AVC audit log, relying in task_struct->curr_ip (ipv4 only)
-provided by grSecurity patch to be applied before.
-
-Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
----
-
-diff -Naur linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig linux-2.6.38-hardened-r1/grsecurity/Kconfig
---- linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400
-+++ linux-2.6.38-hardened-r1/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400
-@@ -1265,6 +1265,27 @@
- menu "Logging Options"
- depends on GRKERNSEC
-
-+config GRKERNSEC_SELINUX_AVC_LOG_IPADDR
-+ def_bool n
-+ prompt "Add source IP address to SELinux AVC log messages"
-+ depends on GRKERNSEC && SECURITY_SELINUX
-+ help
-+ If you say Y here, a new field "ipaddr=" will be added to many SELinux
-+ AVC log messages. The value of this field in any given message
-+ represents the source IP address of the remote machine/user that created
-+ the offending process.
-+
-+ This information is sourced from task_struct->curr_ip provided by
-+ grsecurity's GRKERNSEC top-level configuration option. One limitation
-+ is that only IPv4 is supported.
-+
-+ In many instances SELinux AVC log messages already log a superior level
-+ of information that also includes source port and destination ip/port.
-+ Additionally, SELinux's AVC log code supports IPv6.
-+
-+ However, grsecurity's task_struct->curr_ip will sometimes (often?)
-+ provide the offender's IP address where stock SELinux logging fails to.
-+
- config GRKERNSEC_FLOODTIME
- int "Seconds in between log messages (minimum)"
- default 10
-diff -Naur linux-2.6.38-hardened-r1.orig/security/selinux/avc.c linux-2.6.38-hardened-r1/security/selinux/avc.c
---- linux-2.6.38-hardened-r1.orig/security/selinux/avc.c 2011-04-17 19:04:47.000000000 -0400
-+++ linux-2.6.38-hardened-r1/security/selinux/avc.c 2011-04-17 19:32:53.000000000 -0400
-@@ -139,6 +139,11 @@
- char *scontext;
- u32 scontext_len;
-
-+#ifdef CONFIG_GRKERNSEC_SELINUX_AVC_LOG_IPADDR
-+ if (current->signal->curr_ip)
-+ audit_log_format(ab, "ipaddr=%pI4 ", ¤t->signal->curr_ip);
-+#endif
-+
- rc = security_sid_to_context(ssid, &scontext, &scontext_len);
- if (rc)
- audit_log_format(ab, "ssid=%d", ssid); |