[yocto] [PATCH 1/1][meta-selinux] audit: correct syscall rule arch usage for arm

Thu, 09 Jul 2015 01:07:10 -0700 

From: He Zhe <zhe...@windriver.com>

For all arm arch, kernel uses AUDIT_ARCH_ARM as its arch to filter
syscalls. But userspace audit uses AUDIT_ARCH_ARMEB when creating audit
rules, if arch=b32 is specified for auditctl. This causes kernel not to
record all arm syscalls.

This patch change audit rule arch from AUDIT_ARCH_ARMEB to
AUDIT_ARCH_ARM.

Signed-off-by: He Zhe <zhe...@windriver.com>
---
 .../audit/arm-correct-audit-rule-arch-usage.patch  | 35 ++++++++++++++++++++++
 recipes-security/audit/audit_2.3.2.bb              |  1 +
 2 files changed, 36 insertions(+)
 create mode 100644 
recipes-security/audit/audit/arm-correct-audit-rule-arch-usage.patch

diff --git 
a/recipes-security/audit/audit/arm-correct-audit-rule-arch-usage.patch 
b/recipes-security/audit/audit/arm-correct-audit-rule-arch-usage.patch
new file mode 100644
index 0000000..a2e058b
--- /dev/null
+++ b/recipes-security/audit/audit/arm-correct-audit-rule-arch-usage.patch
@@ -0,0 +1,35 @@
+From 11b3b7628ba9c33ca7a89ba12cf45d3917441ff0 Mon Sep 17 00:00:00 2001
+From: He Zhe <zhe...@windriver.com>
+Date: Tue, 10 Mar 2015 16:03:36 +0800
+Subject: [PATCH] arm: Correct arch usage
+
+Upstream Status: Pending
+
+For all arm arch, kernel uses AUDIT_ARCH_ARM as its arch to filter syscalls.
+But userspace audit uses AUDIT_ARCH_ARMEB when creating audit rules, if
+arch=b32 is specified for auditctl. This causes kernel not to record all
+arm syscalls.
+
+This patch change audit rule arch from AUDIT_ARCH_ARMEB to AUDIT_ARCH_ARM.
+
+Signed-off-by: He Zhe <zhe...@windriver.com>
+---
+ lib/lookup_table.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/lookup_table.c b/lib/lookup_table.c
+index 4f4c0ae..f79c6ee 100644
+--- a/lib/lookup_table.c
++++ b/lib/lookup_table.c
+@@ -77,7 +77,7 @@ static const struct int_transtab elftab[] = {
+     { MACH_ALPHA,   AUDIT_ARCH_ALPHA  },
+ #endif
+ #ifdef WITH_ARMEB
+-    { MACH_ARMEB,   AUDIT_ARCH_ARMEB  },
++    { MACH_ARMEB,   AUDIT_ARCH_ARM    },
+ #endif
+ #ifdef WITH_AARCH64
+     { MACH_AARCH64, AUDIT_ARCH_AARCH64},
+-- 
+1.8.3.1
+
diff --git a/recipes-security/audit/audit_2.3.2.bb 
b/recipes-security/audit/audit_2.3.2.bb
index 1d7ea0f..2eeb1e0 100644
--- a/recipes-security/audit/audit_2.3.2.bb
+++ b/recipes-security/audit/audit_2.3.2.bb
@@ -17,6 +17,7 @@ SRC_URI = 
"http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \
           file://fix-swig-host-contamination.patch \
           file://auditd.service \
           file://audit-volatile.conf \
+          file://arm-correct-audit-rule-arch-usage.patch \
 "
 SRC_URI_append_arm = "file://add-system-call-table-for-ARM.patch"
 
-- 
1.9.1

-- 
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Reply via email to