[yocto] [PATCH 1/1][meta-selinux] audit: correct syscall rule arch usage for arm
wenzong.fan at windriver.com
wenzong.fan at windriver.com
Thu Jul 9 00:58:39 PDT 2015
From: He Zhe <zhe.he at windriver.com>
For all arm arch, kernel uses AUDIT_ARCH_ARM as its arch to filter
syscalls. But userspace audit uses AUDIT_ARCH_ARMEB when creating audit
rules, if arch=b32 is specified for auditctl. This causes kernel not to
record all arm syscalls.
This patch change audit rule arch from AUDIT_ARCH_ARMEB to
AUDIT_ARCH_ARM.
Signed-off-by: He Zhe <zhe.he at windriver.com>
---
.../audit/arm-correct-audit-rule-arch-usage.patch | 35 ++++++++++++++++++++++
recipes-security/audit/audit_2.3.2.bb | 1 +
2 files changed, 36 insertions(+)
create mode 100644 recipes-security/audit/audit/arm-correct-audit-rule-arch-usage.patch
diff --git a/recipes-security/audit/audit/arm-correct-audit-rule-arch-usage.patch b/recipes-security/audit/audit/arm-correct-audit-rule-arch-usage.patch
new file mode 100644
index 0000000..a2e058b
--- /dev/null
+++ b/recipes-security/audit/audit/arm-correct-audit-rule-arch-usage.patch
@@ -0,0 +1,35 @@
+From 11b3b7628ba9c33ca7a89ba12cf45d3917441ff0 Mon Sep 17 00:00:00 2001
+From: He Zhe <zhe.he at windriver.com>
+Date: Tue, 10 Mar 2015 16:03:36 +0800
+Subject: [PATCH] arm: Correct arch usage
+
+Upstream Status: Pending
+
+For all arm arch, kernel uses AUDIT_ARCH_ARM as its arch to filter syscalls.
+But userspace audit uses AUDIT_ARCH_ARMEB when creating audit rules, if
+arch=b32 is specified for auditctl. This causes kernel not to record all
+arm syscalls.
+
+This patch change audit rule arch from AUDIT_ARCH_ARMEB to AUDIT_ARCH_ARM.
+
+Signed-off-by: He Zhe <zhe.he at windriver.com>
+---
+ lib/lookup_table.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/lookup_table.c b/lib/lookup_table.c
+index 4f4c0ae..f79c6ee 100644
+--- a/lib/lookup_table.c
++++ b/lib/lookup_table.c
+@@ -77,7 +77,7 @@ static const struct int_transtab elftab[] = {
+ { MACH_ALPHA, AUDIT_ARCH_ALPHA },
+ #endif
+ #ifdef WITH_ARMEB
+- { MACH_ARMEB, AUDIT_ARCH_ARMEB },
++ { MACH_ARMEB, AUDIT_ARCH_ARM },
+ #endif
+ #ifdef WITH_AARCH64
+ { MACH_AARCH64, AUDIT_ARCH_AARCH64},
+--
+1.8.3.1
+
diff --git a/recipes-security/audit/audit_2.3.2.bb b/recipes-security/audit/audit_2.3.2.bb
index 1d7ea0f..2eeb1e0 100644
--- a/recipes-security/audit/audit_2.3.2.bb
+++ b/recipes-security/audit/audit_2.3.2.bb
@@ -17,6 +17,7 @@ SRC_URI = "http://people.redhat.com/sgrubb/audit/audit-${PV}.tar.gz \
file://fix-swig-host-contamination.patch \
file://auditd.service \
file://audit-volatile.conf \
+ file://arm-correct-audit-rule-arch-usage.patch \
"
SRC_URI_append_arm = "file://add-system-call-table-for-ARM.patch"
--
1.9.1
More information about the yocto
mailing list