Commit 83fa6bbe authored by Eric Paris's avatar Eric Paris

audit: remove CONFIG_AUDIT_LOGINUID_IMMUTABLE

After trying to use this feature in Fedora we found the hard coding
policy like this into the kernel was a bad idea.  Surprise surprise.
We ran into these problems because it was impossible to launch a
container as a logged in user and run a login daemon inside that container.
This reverts back to the old behavior before this option was added.  The
option will be re-added in a userspace selectable manor such that
userspace can choose when it is and when it is not appropriate.
Signed-off-by: default avatarEric Paris <eparis@redhat.com>
Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
Signed-off-by: default avatarEric Paris <eparis@redhat.com>
parent da0a6104
...@@ -301,20 +301,6 @@ config AUDIT_TREE ...@@ -301,20 +301,6 @@ config AUDIT_TREE
depends on AUDITSYSCALL depends on AUDITSYSCALL
select FSNOTIFY select FSNOTIFY
config AUDIT_LOGINUID_IMMUTABLE
bool "Make audit loginuid immutable"
depends on AUDIT
help
The config option toggles if a task setting its loginuid requires
CAP_SYS_AUDITCONTROL or if that task should require no special permissions
but should instead only allow setting its loginuid if it was never
previously set. On systems which use systemd or a similar central
process to restart login services this should be set to true. On older
systems in which an admin would typically have to directly stop and
start processes this should be set to false. Setting this to true allows
one to drop potentially dangerous capabilites from the login tasks,
but may not be backwards compatible with older init systems.
source "kernel/irq/Kconfig" source "kernel/irq/Kconfig"
source "kernel/time/Kconfig" source "kernel/time/Kconfig"
......
...@@ -1968,15 +1968,13 @@ static atomic_t session_id = ATOMIC_INIT(0); ...@@ -1968,15 +1968,13 @@ static atomic_t session_id = ATOMIC_INIT(0);
static int audit_set_loginuid_perm(kuid_t loginuid) static int audit_set_loginuid_perm(kuid_t loginuid)
{ {
#ifdef CONFIG_AUDIT_LOGINUID_IMMUTABLE
/* if we are unset, we don't need privs */ /* if we are unset, we don't need privs */
if (!audit_loginuid_set(current)) if (!audit_loginuid_set(current))
return 0; return 0;
#else /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */ /* it is set, you need permission */
if (capable(CAP_AUDIT_CONTROL)) if (!capable(CAP_AUDIT_CONTROL))
return 0; return -EPERM;
#endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */ return 0;
return -EPERM;
} }
static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid, static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment