From patchwork Sat Jan 30 22:27:00 2016
X-Patchwork-Submitter: Laurent Vivier
X-Patchwork-Id: 8172431
From: Laurent Vivier
To: Riku Voipio
Cc: Laurent Vivier, qemu-devel@nongnu.org, agraf@suse.de
Date: Sat, 30 Jan 2016 23:27:00 +0100
Subject: [Qemu-devel] [PATCH RFC 3/3] linux-user: add netlink audit
Message-Id: <1454192820-5095-4-git-send-email-laurent@vivier.eu>
In-Reply-To: <1454192820-5095-1-git-send-email-laurent@vivier.eu>

This is, for instance, needed to log in a container.

Without this, the user cannot be identified and the console login fails with "Login incorrect".

Signed-off-by: Laurent Vivier
Reviewed-by: Peter Maydell
---
 linux-user/syscall.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 790ae49..fa50299 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -102,6 +102,7 @@ int __clone2(int (*fn)(void *), void *child_stack_base, #include "linux_loop.h" #include #include +#include #include "uname.h" #include "qemu.h"
@@ -1878,6 +1879,44 @@ static abi_long target_to_host_nlmsg_route(struct nlmsghdr *nlh, size_t len) return target_to_host_for_each_nlmsg(nlh, len, target_to_host_data_route); } +static abi_long host_to_target_data_audit(struct nlmsghdr *nlh) +{ + switch (nlh->nlmsg_type) { + default: + fprintf(stderr, "Unknown host audit message type %d\n", + nlh->nlmsg_type); + return -TARGET_EINVAL; + } + return 0; +} + +static inline abi_long host_to_target_nlmsg_audit(struct nlmsghdr *nlh, + size_t len) +{ + return host_to_target_for_each_nlmsg(nlh, len, host_to_target_data_audit); +} + +static abi_long target_to_host_data_audit(struct nlmsghdr *nlh) +{ + switch (nlh->nlmsg_type) { + case AUDIT_USER: + case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG: + case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2: + break; + default: + fprintf(stderr, "Unknown target audit message type %d\n", + nlh->nlmsg_type); + return -TARGET_EINVAL; + } + + return 0; +} + +static abi_long target_to_host_nlmsg_audit(struct nlmsghdr *nlh, size_t len) +{ + return target_to_host_for_each_nlmsg(nlh, len, target_to_host_data_audit); +} + /* do_setsockopt() Must return target values and target errnos. */ static abi_long do_setsockopt(int sockfd, int level, int optname, abi_ulong optval_addr, socklen_t optlen) @@ -2543,6 +2582,21 @@ static TargetFdTrans target_netlink_route_trans = { .host_to_target_data = netlink_route_host_to_target, }; +static abi_long netlink_audit_target_to_host(void *buf, size_t len) +{ + return target_to_host_nlmsg_audit(buf, len); +} + +static abi_long netlink_audit_host_to_target(void *buf, size_t len) +{ + return host_to_target_nlmsg_audit(buf, len); +} + +static TargetFdTrans target_netlink_audit_trans = { + .target_to_host_data = netlink_audit_target_to_host, + .host_to_target_data = netlink_audit_host_to_target, +}; + /* do_socket() Must return target values and target errnos. */ static abi_long do_socket(int domain, int type, int protocol) { 
@@ -2575,6 +2629,9 @@ static abi_long do_socket(int domain, int type, int protocol) case NETLINK_KOBJECT_UEVENT: /* nothing to do: messages are strings */ break; + case NETLINK_AUDIT: + fd_trans_register(ret, &target_netlink_audit_trans); + break; default: close(ret); ret = -EPFNOSUPPORT;
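
Review bot: in host_to_target_data_audit() (hunk at -1878,6 +1879,44) the switch has only a default arm that returns -TARGET_EINVAL, so every audit message read back from the host is rejected and logged to stderr, and the trailing "return 0;" after the switch is unreachable. If rejecting all host-to-target audit traffic is intended for this RFC, state that in a comment above the switch and drop the dead return; otherwise add case arms for the message types the guest is expected to read. Separately, host_to_target_nlmsg_audit() is declared static inline while target_to_host_nlmsg_audit() is plain static; use the same qualifier for both.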
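
Review bot: netlink_audit_target_to_host() and netlink_audit_host_to_target() (hunk at -2543,6 +2582,21) pass buf and len straight to the nlmsg walkers, and no check is visible in this patch that len covers at least one struct nlmsghdr. On the target-to-host path buf comes from the guest, and the callback reads nlh->nlmsg_type, so please confirm that target_to_host_for_each_nlmsg() bounds each message against len before invoking the callback; if it does not, add the length check in these wrappers.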
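
Review bot: the new "case NETLINK_AUDIT:" arm in do_socket() (hunk at -2575,6 +2629,9) has no comment, unlike the NETLINK_KOBJECT_UEVENT arm just above it ("nothing to do: messages are strings"). A short comment saying which audit message types the registered translator lets through, and that other types fail with EINVAL, would tell the reader what a guest can and cannot do with this socket without having to find target_to_host_data_audit().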