audit: allow unsetting the loginuid (with priv)

If a task has CAP_AUDIT_CONTROL allow that task to unset their loginuid.
This would allow a child of that task to set their loginuid without
CAP_AUDIT_CONTROL.  Thus when launching a new login daemon, a
priviledged helper would be able to unset the loginuid and then the
daemon, which may be malicious user facing, do not need priv to function
correctly.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>

fs/proc/base.c

@@ -1151,11 +1151,17 @@ static ssize_t proc_loginuid_write(struct file * file, const char __user * buf,
 		goto out_free_page;
 
 	}
+
+	/* is userspace tring to explicitly UNSET the loginuid? */
+	if (loginuid == AUDIT_UID_UNSET) {
+		kloginuid = INVALID_UID;
+	} else {
 		kloginuid = make_kuid(file->f_cred->user_ns, loginuid);
 		if (!uid_valid(kloginuid)) {
 			length = -EINVAL;
 			goto out_free_page;
 		}
+	}
 
 	length = audit_set_loginuid(kloginuid);
 	if (likely(length == 0))

kernel/auditsc.c

@@ -2019,6 +2019,8 @@ int audit_set_loginuid(kuid_t loginuid)
 	if (rc)
 		goto out;
 
+	/* are we setting or clearing? */
+	if (uid_valid(loginuid))
 		sessionid = atomic_inc_return(&session_id);
 
 	task->sessionid = sessionid;