From patchwork Sun May 22 16:56:21 2016
X-Patchwork-Submitter: Laurent Vivier
X-Patchwork-Id: 9130989
From: Laurent Vivier
To: Riku Voipio
Cc: Peter Maydell, qemu-devel@nongnu.org, Laurent Vivier
Date: Sun, 22 May 2016 18:56:21 +0200
Message-Id: <1463936181-23683-4-git-send-email-laurent@vivier.eu>
In-Reply-To: <1463936181-23683-1-git-send-email-laurent@vivier.eu>
References: <1463936181-23683-1-git-send-email-laurent@vivier.eu>
Subject: [Qemu-devel] [PATCH v2 3/3] linux-user: add netlink audit

This is, for instance, needed to log in a container.
Without this, the user cannot be identified and the console login fails with "Login incorrect". Signed-off-by: Laurent Vivier --- v2: Check domain before opening socket Use gemu_log() linux-user/syscall.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 59 insertions(+), 1 deletion(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index ff63bf5..8160374 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -105,6 +105,7 @@ int __clone2(int (*fn)(void *), void *child_stack_base, #include #include #include +#include #include "uname.h" #include "qemu.h" @@ -1985,6 +1986,44 @@ static abi_long target_to_host_nlmsg_route(struct nlmsghdr *nlh, size_t len) return target_to_host_for_each_nlmsg(nlh, len, target_to_host_data_route); } +static abi_long host_to_target_data_audit(struct nlmsghdr *nlh) +{ + switch (nlh->nlmsg_type) { + default: + gemu_log("Unknown host audit message type %d\n", + nlh->nlmsg_type); + return -TARGET_EINVAL; + } + return 0; +} + +static inline abi_long host_to_target_nlmsg_audit(struct nlmsghdr *nlh, + size_t len) +{ + return host_to_target_for_each_nlmsg(nlh, len, host_to_target_data_audit); +} + +static abi_long target_to_host_data_audit(struct nlmsghdr *nlh) +{ + switch (nlh->nlmsg_type) { + case AUDIT_USER: + case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG: + case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2: + break; + default: + gemu_log("Unknown target audit message type %d\n", + nlh->nlmsg_type); + return -TARGET_EINVAL; + } + + return 0; +} + +static abi_long target_to_host_nlmsg_audit(struct nlmsghdr *nlh, size_t len) +{ + return target_to_host_for_each_nlmsg(nlh, len, target_to_host_data_audit); +} + /* do_setsockopt() Must return target values and target errnos. */ static abi_long do_setsockopt(int sockfd, int level, int optname, abi_ulong optval_addr, socklen_t optlen) 
@@ -2667,6 +2706,21 @@ static TargetFdTrans target_netlink_route_trans = { .host_to_target_data = netlink_route_host_to_target, }; +static abi_long netlink_audit_target_to_host(void *buf, size_t len) +{ + return target_to_host_nlmsg_audit(buf, len); +} + +static abi_long netlink_audit_host_to_target(void *buf, size_t len) +{ + return host_to_target_nlmsg_audit(buf, len); +} + +static TargetFdTrans target_netlink_audit_trans = { + .target_to_host_data = netlink_audit_target_to_host, + .host_to_target_data = netlink_audit_host_to_target, +}; + /* do_socket() Must return target values and target errnos. */ static abi_long do_socket(int domain, int type, int protocol) { @@ -2680,7 +2734,8 @@ static abi_long do_socket(int domain, int type, int protocol) if (domain == PF_NETLINK && !(protocol == NETLINK_ROUTE || - protocol == NETLINK_KOBJECT_UEVENT)) { + protocol == NETLINK_KOBJECT_UEVENT || + protocol == NETLINK_AUDIT)) { return -EPFNOSUPPORT; } @@ -2705,6 +2760,9 @@ static abi_long do_socket(int domain, int type, int protocol) case NETLINK_KOBJECT_UEVENT: /* nothing to do: messages are strings */ break; + case NETLINK_AUDIT: + fd_trans_register(ret, &target_netlink_audit_trans); + break; default: g_assert_not_reached(); }
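Review bot: in the hunk at @@ -1985,6 +1986,44 @@, host_to_target_data_audit() has a switch with only a default case, so every message handed to it is logged as unknown and returns -TARGET_EINVAL, and the trailing `return 0;` is unreachable. If no audit-specific message from the host is expected to need conversion, say so in a comment and drop the dead return; otherwise list the message types that should pass. In target_to_host_data_audit() the accepted types (AUDIT_USER and the two user-message ranges) just `break` with no conversion of the payload, and a one-line comment on why none is needed would help the next reader.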
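Review bot: in the hunk at @@ -2680,7 +2734,8 @@, the rejection path that this change extends returns `-EPFNOSUPPORT`, a host errno, while the comment above do_socket() says it must return target values and target errnos, and the new audit helpers in this same patch return `-TARGET_EINVAL`. Since the condition is being edited anyway, consider returning the target form of this errno here, either in this patch or in a separate fix.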
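Review bot: in the hunk at @@ -2705,6 +2760,9 @@, the set of accepted netlink protocols is now written out twice, once in the PF_NETLINK check near the top of do_socket() and once in this switch, whose default is g_assert_not_reached(). A protocol added to the first list but not to the switch would abort the emulator instead of failing the guest's socket() call, so a short comment tying the two lists together, or a single shared helper, would make the next addition safer.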