www.infradead.org Git - users/dwmw2/linux.git/commit

author	Eric W. Biederman <ebiederm@xmission.com>
	Tue, 9 Apr 2013 09:22:10 +0000 (02:22 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 19 May 2013 18:38:47 +0000 (11:38 -0700)
commit	60106c06452e7db66d13ce8286d89b9cce13664d
tree	ad60ff737f7636f9f45fff84f8826369d09f5923	tree
parent	3e717373db383369e5887708c3cde25f396f648e	commit \| diff

audit: Make testing for a valid loginuid explicit.

commit 780a7654cee8d61819512385e778e4827db4bfbc upstream.

audit rule additions containing "-F auid!=4294967295" were failing
with EINVAL because of a regression caused by e1760bd.

Apparently some userland audit rule sets want to know if loginuid uid
has been set and are using a test for auid != 4294967295 to determine
that.

In practice that is a horrible way to ask if a value has been set,
because it relies on subtle implementation details and will break
every time the uid implementation in the kernel changes.

So add a clean way to test if the audit loginuid has been set, and
silently convert the old idiom to the cleaner and more comprehensible
new idiom.

RGB notes: In upstream, audit_rule_to_entry has been refactored out.
This is patch is already upstream in functionally the same form in
commit 780a7654cee8d61819512385e778e4827db4bfbc . The decimal constant
was cast to unsigned to quiet GCC 4.6 32-bit architecture warnings.

Reported-By: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Tested-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Backported-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

include/linux/audit.h		diff \| blob \| history
include/uapi/linux/audit.h		diff \| blob \| history
kernel/auditfilter.c		diff \| blob \| history
kernel/auditsc.c		diff \| blob \| history