seccomp: Configurable separator for the actions_logged string
The function that converts a bitmask of seccomp actions that are allowed to be logged is currently only used for constructing the display string for the kernel.seccomp.actions_logged sysctl. That string wants a space character to be used for the separator between actions. A future patch will make use of the same function for building a string that will be sent to the audit subsystem for tracking modifications to the kernel.seccomp.actions_logged sysctl. That string will need to use a comma as a separator. This patch allows the separator character to be configurable to meet both needs. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: Paul Moore <paul@paul-moore.com>
parent
d013db0294
commit
beb44acaf0
|
@ -1135,10 +1135,11 @@ static const struct seccomp_log_name seccomp_log_names[] = {
|
||||||
};
|
};
|
||||||
|
|
||||||
static bool seccomp_names_from_actions_logged(char *names, size_t size,
|
static bool seccomp_names_from_actions_logged(char *names, size_t size,
|
||||||
u32 actions_logged)
|
u32 actions_logged,
|
||||||
|
const char *sep)
|
||||||
{
|
{
|
||||||
const struct seccomp_log_name *cur;
|
const struct seccomp_log_name *cur;
|
||||||
bool append_space = false;
|
bool append_sep = false;
|
||||||
|
|
||||||
for (cur = seccomp_log_names; cur->name && size; cur++) {
|
for (cur = seccomp_log_names; cur->name && size; cur++) {
|
||||||
ssize_t ret;
|
ssize_t ret;
|
||||||
|
@ -1146,15 +1147,15 @@ static bool seccomp_names_from_actions_logged(char *names, size_t size,
|
||||||
if (!(actions_logged & cur->log))
|
if (!(actions_logged & cur->log))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (append_space) {
|
if (append_sep) {
|
||||||
ret = strscpy(names, " ", size);
|
ret = strscpy(names, sep, size);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
names += ret;
|
names += ret;
|
||||||
size -= ret;
|
size -= ret;
|
||||||
} else
|
} else
|
||||||
append_space = true;
|
append_sep = true;
|
||||||
|
|
||||||
ret = strscpy(names, cur->name, size);
|
ret = strscpy(names, cur->name, size);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
|
@ -1208,7 +1209,7 @@ static int read_actions_logged(struct ctl_table *ro_table, void __user *buffer,
|
||||||
memset(names, 0, sizeof(names));
|
memset(names, 0, sizeof(names));
|
||||||
|
|
||||||
if (!seccomp_names_from_actions_logged(names, sizeof(names),
|
if (!seccomp_names_from_actions_logged(names, sizeof(names),
|
||||||
seccomp_actions_logged))
|
seccomp_actions_logged, " "))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
table = *ro_table;
|
table = *ro_table;
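Review bot: The new `sep` parameter reaches `strscpy(names, sep, size)` with no stated contract, and seccomp_names_from_actions_logged() carries no comment saying what its callers must guarantee. With a caller-chosen separator the worst-case output length now depends on `strlen(sep)`, and when either `strscpy()` call fails the function returns false after `names` has already been partly written; the audit caller announced in the commit message should discard the buffer in that case instead of recording a truncated action list. I would add a header comment along the lines of `/* @sep must be a non-NULL, NUL-terminated string; @names must hold every name plus separators; on a false return the contents of @names are partial and must not be used. */`. The end of the function and the declaration of `names` in read_actions_logged() lie outside the visible hunks, so the buffer size could not be checked here.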
|
||||||
|
|