[GIT PULL] Audit patches for v4.10

From: Paul Moore
Date: Wed Dec 14 2016 - 13:28:27 EST

Hi Linus,

After the small number of patches for v4.9, we've got a much bigger pile for

The bulk of these patches involve a rework of the audit backlog queue to
enable us to move the netlink multicasting out of the task/thread that
generates the audit record and into the kernel thread that emits the record
(just like we do for the audit unicast to auditd). While we were playing
with the backlog queue(s) we fixed a number of other little problems with
the code, and from all the testing so far things look to be in much better
shape now. Doing this also allowed us to re-enable disabling IRQs for some
netns operations ("netns: avoid disabling irq for netns id"). The remaining
patches fix some small problems that are well documented in the commit
descriptions, as well as adding session ID filtering support.

You will likely hit two merge conflicts, one in net/core/net_namespace.c and
one in include/uapi/linux/audit.h, both are easily resolved so I won't
bother you with that here. If you have questions, you know how to find me.


The following changes since commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3:

  Linux 4.8 (2016-10-02 16:24:33 -0700)

are available in the git repository at:

  git://git.infradead.org/users/pcmoore/audit stable-4.10

for you to fetch changes up to 533c7b69c764ad5febb3e716899f43a75564fcab:

  audit: use proper refcount locking on audit_sock (2016-12-14 13:06:04 -0500)

Alexey Dobriyan (1):
      audit: less stack usage for /proc/*/loginuid

Paul Moore (9):
      audit: fixup audit_init()
      audit: queue netlink multicast sends just like we do for unicast sends
      audit: rename the queues and kauditd related functions
      audit: rework the audit queue handling
      audit: rework audit_log_start()
      audit: wake up kauditd_thread after auditd registers
      audit: handle a clean auditd shutdown with grace
      audit: don't ever sleep on a command record/message
      netns: avoid disabling irq for netns id

Richard Guy Briggs (5):
      audit: tame initialization warning len_abuf in audit_log_execve_info
      audit: skip sessionid sentinel value when auto-incrementing
      audit: add support for session ID user filter
      audit: move kaudit thread start from auditd registration to kaudit init (#2)
      audit: use proper refcount locking on audit_sock

Steve Grubb (1):
      audit: fix formatting of AUDIT_CONFIG_CHANGE events

 fs/proc/base.c             |   2 +-
 include/uapi/linux/audit.h |   5 +-
 kernel/audit.c             | 532 ++++++++++++++++++++++++---------------
 kernel/audit_fsnotify.c    |   5 +-
 kernel/audit_tree.c        |   3 +-
 kernel/audit_watch.c       |   5 +-
 kernel/auditfilter.c       |   5 +-
 kernel/auditsc.c           |  12 +-
 net/core/net_namespace.c   |  35 ++-
 9 files changed, 361 insertions(+), 243 deletions(-)

paul moore
security @ redhat