import CS audit-3.0.7-104.el9

eabdullin 2023-09-21 18:03:40 +00:00
parent 373469dc5b
commit 51464ddeef
2 changed files with 136 additions and 6 deletions


@ -0,0 +1,122 @@
From d1aec22f62b1cd95c16b26b67a9268ed27713f84 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 7 Feb 2023 10:32:11 -0500
Subject: [PATCH] Add support for new FANOTIFY record fields
---
ChangeLog | 1 +
auparse/auparse-defs.h | 5 ++--
auparse/interpret.c | 65 +++++++++++++++++++++++++++++++++++++++++-
auparse/typetab.h | 4 +++
4 files changed, 72 insertions(+), 3 deletions(-)
diff --git a/auparse/auparse-defs.h b/auparse/auparse-defs.h
index 7c0ac76..81a85a4 100644
--- a/auparse/auparse-defs.h
+++ b/auparse/auparse-defs.h
@@ -88,7 +88,8 @@ typedef enum { AUPARSE_TYPE_UNCLASSIFIED, AUPARSE_TYPE_UID, AUPARSE_TYPE_GID,
AUPARSE_TYPE_NETACTION, AUPARSE_TYPE_MACPROTO,
AUPARSE_TYPE_IOCTL_REQ, AUPARSE_TYPE_ESCAPED_KEY,
AUPARSE_TYPE_ESCAPED_FILE, AUPARSE_TYPE_FANOTIFY,
- AUPARSE_TYPE_NLMCGRP, AUPARSE_TYPE_RESOLVE
+ AUPARSE_TYPE_NLMCGRP, AUPARSE_TYPE_RESOLVE, AUPARSE_TYPE_TRUST,
+ AUPARSE_TYPE_FAN_TYPE, AUPARSE_TYPE_FAN_INFO
} auparse_type_t;
/* This type determines what escaping if any gets applied to interpreted fields */
diff --git a/auparse/interpret.c b/auparse/interpret.c
index 373851f..f106056 100644
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -2372,6 +2372,60 @@ static const char *print_openat2_resolve(const char *val)
return strdup(buf);
}
+static const char *print_trust(const char *val)
+{
+ const char *out;
+
+ if (strcmp(val, "0") == 0)
+ out = strdup("no");
+ else if (strcmp(val, "1") == 0)
+ out = strdup("yes");
+ else
+ out = strdup("unknown");
+
+ return out;
+}
+
+// fan_type always preceeds fan_info
+static int last_type = 2;
+static const char *print_fan_type(const char *val)
+{
+ const char *out;
+
+ if (strcmp(val, "0") == 0) {
+ out = strdup("none");
+ last_type = 0;
+ } else if (strcmp(val, "1") == 0) {
+ out = strdup("rule_info");
+ last_type = 1;
+ } else {
+ out = strdup("unknown");
+ last_type = 2;
+ }
+
+ return out;
+}
+
+static const char *print_fan_info(const char *val)
+{
+ const char *out;
+ if (last_type == 1) {
+ errno = 0;
+ unsigned long info = strtoul(val, NULL, 16);
+ if (errno) {
+ if (asprintf(&out, "conversion error(%s)", val) < 0)
+ out = NULL;
+ return out;
+ } else {
+ if (asprintf(&out, "%lu", info) < 0)
+ out = NULL;
+ return out;
+ }
+ } else
+ out = strdup(val);
+ return out;
+}
+
static const char *print_a0(const char *val, const idata *id)
{
char *out;
@@ -3286,6 +3340,15 @@ unknown:
case AUPARSE_TYPE_RESOLVE:
out = print_openat2_resolve(id->val);
break;
+ case AUPARSE_TYPE_TRUST:
+ out = print_trust(id->val);
+ break;
+ case AUPARSE_TYPE_FAN_TYPE:
+ out = print_fan_type(id->val);
+ break;
+ case AUPARSE_TYPE_FAN_INFO:
+ out = print_fan_info(id->val);
+ break;
case AUPARSE_TYPE_MAC_LABEL:
case AUPARSE_TYPE_UNCLASSIFIED:
default:
diff --git a/auparse/typetab.h b/auparse/typetab.h
index 0e37d02..5c8fca8 100644
--- a/auparse/typetab.h
+++ b/auparse/typetab.h
@@ -145,3 +145,7 @@ _S(AUPARSE_TYPE_ESCAPED, "sw" )
_S(AUPARSE_TYPE_ESCAPED, "root_dir" )
_S(AUPARSE_TYPE_NLMCGRP, "nl-mcgrp" )
_S(AUPARSE_TYPE_RESOLVE, "resolve" )
+_S(AUPARSE_TYPE_TRUST, "subj_trust" )
+_S(AUPARSE_TYPE_TRUST, "obj_trust" )
+_S(AUPARSE_TYPE_FAN_TYPE, "fan_type" )
+_S(AUPARSE_TYPE_FAN_INFO, "fan_info" )
--
2.41.0
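Review bot: print_fan_info in the auparse/interpret.c hunk chooses how to render fan_info from the file-scope `static int last_type`, which only the preceding print_fan_type call updates, so a fan_info field interpreted without its own fan_type (a truncated or reordered record, a second auparse handle, another thread) is decoded according to whichever record was seen last. For an audit-log interpreter that state would be better kept with the record or parser state than in a global; as far as this hunk shows, nothing resets it between events. The hex conversion also checks only errno and passes NULL as endptr, so a value with no hex digits or with trailing characters is likely printed as a number rather than as a conversion error; `char *end; unsigned long info = strtoul(val, &end, 16);` followed by `if (errno || end == val || *end != '\0')` would catch that. In the same function `out` is declared `const char *` but passed to asprintf, which takes `char **`; a local `char *` avoids the incompatible-pointer warning.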


@ -2,7 +2,7 @@
Summary: User space tools for kernel auditing
Name: audit
Version: 3.0.7
Release: 103%{?dist}
Release: 104%{?dist}
License: GPLv2+
URL: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
@ -15,6 +15,8 @@ Patch4: audit-3.0.8-drop-protecthome.patch
Patch5: audit-3.0.8-flex-array-workaround.patch
Patch6: audit-3.0.8-undo-flex-array.patch
Patch7: audit-3.1-fanotify-records.patch
BuildRequires: make gcc swig
BuildRequires: openldap-devel
BuildRequires: krb5-devel libcap-ng-devel
@ -95,13 +97,15 @@ Management Facility) database, through an IBM Tivoli Directory Server
%prep
%setup -q
cp %{SOURCE1} .
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch -P 1 -p1
%patch -P 2 -p1
%patch -P 3 -p1
%patch -P 4 -p1
cp /usr/include/linux/audit.h lib/
%patch5 -p1
%patch -P 5 -p1
%patch -P 7 -p1
autoreconf -fv --install
@ -278,6 +282,10 @@ fi
%attr(750,root,root) %{_sbindir}/audispd-zos-remote
%changelog
* Thu Jun 22 2023 Radovan Sroka <rsroka@redhat.com> - 3.0.7-104
- Introduce new fanotify record fields
Resolves: rhbz#2216666
* Mon May 02 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-103
- Drop ProtectHome from auditd.service as it interferes with rules
Resolves: rhbz#2071725 - Default systemd service config blocks audit watch rules in some directories [rhel-9.1.0]