authorAnthony G. Basile <blueness@gentoo.org>2012-02-05 11:40:33 -0500
committerAnthony G. Basile <blueness@gentoo.org>2012-02-05 11:40:33 -0500
commit37cbbcacda2762cc7a054330ae8df40dd5ec9e62 (patch)
tree505cfa2dfa54d68377412be58f2a1b39d0cb10c8 /2.6.32/4465_selinux-avc_audit-log-curr_ip.patch
parentGrsec/PaX: 2.2.2-2.6.32.56-201202032051 + 2.2.2-3.2.4-201202032052 (diff)
Renumbered patches
Diffstat (limited to '2.6.32/4465_selinux-avc_audit-log-curr_ip.patch')
-rw-r--r--2.6.32/4465_selinux-avc_audit-log-curr_ip.patch73
1 files changed, 73 insertions, 0 deletions
diff --git a/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch
new file mode 100644
index 0000000..0873c15
--- /dev/null
+++ b/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch
@@ -0,0 +1,73 @@
+From: Anthony G. Basile <blueness@gentoo.org>
+
+Removed deprecated NIPQUAD macro in favor of %pI4.
+See bug #346333.
+
+---
+From: Gordon Malm <gengor@gentoo.org>
+
+This is a reworked version of the original
+*_selinux-avc_audit-log-curr_ip.patch carried in earlier releases of
+hardened-sources.
+
+Dropping the patch, or simply fixing the #ifdef of the original patch
+could break automated logging setups so this route was necessary.
+
+Suggestions for improving the help text are welcome.
+
+The original patch's description is still accurate and included below.
+
+---
+Provides support for a new field ipaddr within the SELinux
+AVC audit log, relying in task_struct->curr_ip (ipv4 only)
+provided by grSecurity patch to be applied before.
+
+Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
+---
+
+diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
+--- a/grsecurity/Kconfig 2011-04-17 18:47:02.000000000 -0400
++++ b/grsecurity/Kconfig 2011-04-17 18:51:15.000000000 -0400
+@@ -1296,6 +1296,27 @@
+ menu "Logging Options"
+ depends on GRKERNSEC
+
++config GRKERNSEC_SELINUX_AVC_LOG_IPADDR
++ def_bool n
++ prompt "Add source IP address to SELinux AVC log messages"
++ depends on GRKERNSEC && SECURITY_SELINUX
++ help
++ If you say Y here, a new field "ipaddr=" will be added to many SELinux
++ AVC log messages. The value of this field in any given message
++ represents the source IP address of the remote machine/user that created
++ the offending process.
++
++ This information is sourced from task_struct->curr_ip provided by
++ grsecurity's GRKERNSEC top-level configuration option. One limitation
++ is that only IPv4 is supported.
++
++ In many instances SELinux AVC log messages already log a superior level
++ of information that also includes source port and destination ip/port.
++ Additionally, SELinux's AVC log code supports IPv6.
++
++ However, grsecurity's task_struct->curr_ip will sometimes (often?)
++ provide the offender's IP address where stock SELinux logging fails to.
++
+ config GRKERNSEC_FLOODTIME
+ int "Seconds in between log messages (minimum)"
+ default 10
+diff -Naur a/security/selinux/avc.c b/security/selinux/avc.c
+--- a/security/selinux/avc.c 2009-12-02 22:51:21.000000000 -0500
++++ b/security/selinux/avc.c 2011-04-17 18:51:15.000000000 -0400
+@@ -203,6 +203,11 @@
+ char *scontext;
+ u32 scontext_len;
+
++#ifdef CONFIG_GRKERNSEC_SELINUX_AVC_LOG_IPADDR
++ if (current->signal->curr_ip)
++ audit_log_format(ab, "ipaddr=%pI4 ", &current->signal->curr_ip);
++#endif
++
+ rc = security_sid_to_context(ssid, &scontext, &scontext_len);
+ if (rc)
+ audit_log_format(ab, "ssid=%d", ssid);
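Review bot: The Kconfig help added for GRKERNSEC_SELINUX_AVC_LOG_IPADDR twice names `task_struct->curr_ip` as the source, but the avc.c change reads `current->signal->curr_ip`, so the help text does not match the code. I would reword that sentence to `This information is sourced from current->signal->curr_ip, which is maintained by grsecurity.` The help should also say that `ipaddr=` is left out when curr_ip is zero, and that by its own description the value is the address of whoever created the process, not the peer of the denied access. Anything parsing AVC records should then treat the field as optional and as an attribution hint rather than proof of origin. A short comment above the `#ifdef` in avc.c, such as `/* IPv4 only; zero presumably means no remote address was recorded, so the field is skipped */`, would document the check; the enclosing avc.c function starts and ends outside the inner hunk.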