diff --git a/README b/README
index 669ac7c32292..8e948882f470 100644
--- a/README
+++ b/README
@@ -1,18 +1,13 @@
-Linux kernel
-============
+Linux Kernel Audit Subsystem
+=============================================================================
+https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git
+https://github.com/linux-audit/audit-kernel
-There are several guides for kernel developers and users. These guides can
-be rendered in a number of formats, like HTML and PDF. Please read
-Documentation/admin-guide/README.rst first.
+The original Linux Kernel README file:
+* https://github.com/linux-audit/audit-kernel/blob/main/README.orig
-In order to build the documentation, use ``make htmldocs`` or
-``make pdfdocs``. The formatted documentation can also be read online at:
+The Linux Kernel audit subsystem README.md file:
+* https://github.com/linux-audit/audit-kernel/blob/main/README.md
- https://www.kernel.org/doc/html/latest/
-
-There are various text files in the Documentation/ subdirectory,
-several of them using the Restructured Text markup notation.
-
-Please read the Documentation/process/changes.rst file, as it contains the
-requirements for building and running the kernel, and information about
-the problems which may result by upgrading your kernel.
+The latest official Linux Kernel documentation:
+* https://www.kernel.org/doc/html/latest
diff --git a/README.md b/README.md
new file mode 100644
index 000000000000..36e5968f0360
--- /dev/null
+++ b/README.md
@@ -0,0 +1,62 @@
+Linux Kernel Audit Subsystem
+=============================================================================
+https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git
+https://github.com/linux-audit/audit-kernel
+
+The Linux Audit subsystem provides a secure logging framework that is used to
+capture and record security relevant events. It consists of a kernel component
+which generates audit records based on system activity, a userspace daemon
+which logs these records to a local file or a remote aggregation server, and a
+set of userspace tools to for audit log inspection and post-processing.
+
+The main Linux Kernel README can be found at
+[Documentation/admin-guide/README.rst](./Documentation/admin-guide/README.rst)
+
+## Online Resources
+
+The canonical audit kernel repository is hosted by kernel.org:
+
+* https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git
+* git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git
+
+There is also an officially maintained GitHub mirror:
+
+* https://github.com/linux-audit/audit-kernel
+
+## Kernel Tree Process
+
+After the merge window closes upstream, a decision will be made regarding the
+need to rebase the next branch on top of the current Linux -rc1 release. If
+there have been a number of subsystem related changes outside of the
+subsystem's next branch, or if the branch's base is too far behind
+linux/master, it may be necessary to rebase the next branch. If a rebase is
+needed, it should be done before any patches are merged, and rebasing the next
+branch during the remaining -rcX releases should only be done in extreme cases.
+
+Patches will be merged into the subsystem's next branch during the development
+cycle which extends from merge window close up until the merge window reopens.
+However, it is important to note that large, complicated, or invasive patches
+sent late in the development cycle may be deferred until the next cycle. As a
+general rule, only small patches or critical fixes will be merged after
+-rc5/-rc6.
+
+Any patches deemed necessary for the current Linux -rcX releases will be merged
+into the current stable-X.Y branch, marked with a signed tag, and a pull
+request sent against linux/master as soon as it is reasonable to do so.
+
+During the development cycle Fedora Rawhide test kernels will be generated
+using the next and most recent stable-X.Y branches on a weekly basis, if not
+more often. These kernels will be tested against the SELinux test suite and
+audit test suite as well as being made available to everyone for additional
+testing.
+
+Once the merge window opens, the next branch will be copied to a new branch,
+stable-X.Y, and the branch will be marked with a signed tag in the format
+audit-pr-YYYYMMDD. A pull request will be sent against the linux/master
+branch using the signed tag.
+
+## Userspace Tools and Test Suites
+
+The audit userspace tools and test suites are hosted by GitHub:
+
+* https://github.com/linux-audit
diff --git a/README.orig b/README.orig
new file mode 100644
index 000000000000..669ac7c32292
--- /dev/null
+++ b/README.orig
@@ -0,0 +1,18 @@
+Linux kernel
+============
+
+There are several guides for kernel developers and users. These guides can
+be rendered in a number of formats, like HTML and PDF. Please read
+Documentation/admin-guide/README.rst first.
+
+In order to build the documentation, use ``make htmldocs`` or
+``make pdfdocs``. The formatted documentation can also be read online at:
+
+ https://www.kernel.org/doc/html/latest/
+
+There are various text files in the Documentation/ subdirectory,
+several of them using the Restructured Text markup notation.
+
+Please read the Documentation/process/changes.rst file, as it contains the
+requirements for building and running the kernel, and information about
+the problems which may result by upgrading your kernel.
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000000..07836ff5f438
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,16 @@
+Audit Kernel Subsystem Security Policy
+=============================================================================
+
+The audit kernel developers take security very seriously and if you think you
+have found a serious problem or security vulnerability in the audit kernel
+code you are encouraged to send email to the current audit kernel maintainer
+who is listed below:
+
+* Paul Moore, paul@paul-moore.com
+
+## Linux Kernel General Security Policy
+
+In addition to the contact information above, the Linux Kernel also has a
+security policy documented in the link below:
+
+* https://github.com/linux-audit/audit-kernel/blob/main/Documentation/admin-guide/security-bugs.rst
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index addeed3df15d..2308812889f1 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2416,6 +2416,10 @@ void __audit_inode_child(struct inode *parent,
 struct audit_entry *e;
 struct list_head *list = &audit_filter_list[AUDIT_FILTER_FS];
 int i;
+ char *n_file_name = NULL;
+ int dlen;
+ int name_len;
+ bool special_end = false;
 if (context->context == AUDIT_CTX_UNUSED)
 return;
@@ -2439,23 +2443,39 @@ void __audit_inode_child(struct inode *parent, if (inode) handle_one(inode); + n_file_name = kmalloc(PATH_MAX, GFP_KERNEL); + if (n_file_name) { + memset(n_file_name, '\0', PATH_MAX); + } + dlen = strlen(dname); /* look for a parent entry first */ list_for_each_entry(n, &context->names_list, list) { if (!n->name || (n->type != AUDIT_TYPE_PARENT && n->type != AUDIT_TYPE_UNKNOWN)) continue; - + name_len = strlen(n->name->name); + if (n_file_name && dname[dlen -1] != '/' && n->name->name[name_len - 1] == '/') + { + strncpy(n_file_name, n->name->name, name_len - 1); + special_end = true; + } if (n->ino == parent->i_ino && n->dev == parent->i_sb->s_dev && !audit_compare_dname_path(dname, - n->name->name, n->name_len)) { + special_end ? n_file_name : n->name->name, n->name_len)) { if (n->type == AUDIT_TYPE_UNKNOWN) n->type = AUDIT_TYPE_PARENT; found_parent = n; break; } + if (special_end) { + memset(n_file_name, '\0', name_len + 1); + } + special_end = false; + } + if (n_file_name) { + kfree(n_file_name); } - /* is there a matching child entry? */ list_for_each_entry(n, &context->names_list, list) { /* can only match entries that have a name */
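Review bot: The added trailing-slash check indexes `dname[dlen -1]` and `n->name->name[name_len - 1]` without ruling out an empty string, so a zero-length name reads one byte before the buffer and, if that byte happens to be '/', hands `name_len - 1` (-1, converted to a huge size) to `strncpy`. The copy is also never bounded by the `PATH_MAX` allocation, so the condition should carry both limits, e.g. `if (n_file_name && dlen > 0 && name_len > 0 && name_len <= PATH_MAX && dname[dlen - 1] != '/' && n->name->name[name_len - 1] == '/') {`. `n->name_len` is still passed unchanged next to the shortened copy, which looks inconsistent if that length counts the trailing slash; its meaning is not visible in this hunk, so please confirm. Smaller points: `kzalloc(PATH_MAX, GFP_KERNEL)` would replace the kmalloc plus memset pair, `kfree()` accepts NULL so the `if (n_file_name)` guard around it is unnecessary, and a PATH_MAX allocation on every call deserves a comment explaining why an in-place length comparison is not enough. The function body starts and ends outside this hunk, and `dlen` and `name_len` are declared in the preceding hunk.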