ChangeLog:
https://github.com/linux-audit/audit-userspace/releases/tag/v4.0
Major changes:
Separate loading rules and logging events into separate services,
audit-rules.service and auditd.service.
Drop support for python2 and SysVinit.
The auvirt and autrace programs have been dropped.
The syscall and interpretation tables have been updated for the 6.8
kernel.
* Backport patch to fix build error with musl
* Clean up configure options
* Use its own systemd service files
* Refresh patches
* Fix indentation
Signed-off-by: Yi Zhao <yi.z...@windriver.com>
---
...-Fixed-swig-host-contamination-issue.patch | 16 +--
...te_malloc__-with-__attribute__-__ma.patch} | 24 +++-
.../0002-Add-attribute-declarations.patch | 35 ++++++
.../audit/audit/auditd.service | 28 -----
meta-oe/recipes-security/audit/audit_3.1.2.bb | 116 ------------------
meta-oe/recipes-security/audit/audit_4.0.bb | 103 ++++++++++++++++
6 files changed, 165 insertions(+), 157 deletions(-)
rename
meta-oe/recipes-security/audit/audit/{0002-Replace-__attribute_malloc__-with-__attribute__-__ma.patch
=> 0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch} (54%)
create mode 100644
meta-oe/recipes-security/audit/audit/0002-Add-attribute-declarations.patch
delete mode 100644 meta-oe/recipes-security/audit/audit/auditd.service
delete mode 100644 meta-oe/recipes-security/audit/audit_3.1.2.bb
create mode 100644 meta-oe/recipes-security/audit/audit_4.0.bb
diff --git
a/meta-oe/recipes-security/audit/audit/0001-Fixed-swig-host-contamination-issue.patch
b/meta-oe/recipes-security/audit/audit/0001-Fixed-swig-host-contamination-issue.patch
index 5f2ecc141..f2755d5c0 100644
---
a/meta-oe/recipes-security/audit/audit/0001-Fixed-swig-host-contamination-issue.patch
+++
b/meta-oe/recipes-security/audit/audit/0001-Fixed-swig-host-contamination-issue.patch
@@ -1,4 +1,4 @@
-From 9a32d42dfc6713fd0085dd4563a934afc30ec097 Mon Sep 17 00:00:00 2001
+From 5cdc667aeb7a014cdc1f8c7df8f8080408773dbe Mon Sep 17 00:00:00 2001
From: Li xin <lixin.f...@cn.fujitsu.com>
Date: Sun, 19 Jul 2015 02:42:58 +0900
Subject: [PATCH] Fixed swig host contamination issue
@@ -19,7 +19,7 @@ Signed-off-by: Yi Zhao <yi.z...@windriver.com>
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/bindings/swig/python3/Makefile.am
b/bindings/swig/python3/Makefile.am
-index 6131e80d..2fb7207b 100644
+index c2c6def4..bcc2836c 100644
--- a/bindings/swig/python3/Makefile.am
+++ b/bindings/swig/python3/Makefile.am
@@ -23,6 +23,7 @@
@@ -28,9 +28,9 @@ index 6131e80d..2fb7207b 100644
AM_CPPFLAGS = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES)
+STDINC ?= /usr/include
LIBS = $(top_builddir)/lib/libaudit.la
- SWIG_FLAGS = -python -py3 -modern
+ SWIG_FLAGS = -python
SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES)
-@@ -37,7 +38,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h
${top_builddir}/lib/libaudi
+@@ -37,7 +38,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/audit_logging.h
${top_builddir}/lib/li
_audit_la_LIBADD = ${top_builddir}/lib/libaudit.la
nodist__audit_la_SOURCES = audit_wrap.c
audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i
@@ -40,18 +40,18 @@ index 6131e80d..2fb7207b 100644
CLEANFILES = audit.py* audit_wrap.c *~
diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
-index 9a2c5661..6cbb7295 100644
+index 6b267844..5a4e442f 100644
--- a/bindings/swig/src/auditswig.i
+++ b/bindings/swig/src/auditswig.i
-@@ -43,7 +43,7 @@ typedef unsigned uid_t;
- * generating setters against them: https://github.com/swig/swig/issues/1699
+@@ -50,7 +50,7 @@ typedef unsigned uid_t;
*/
%ignore audit_rule_data::buf;
+
-%include "/usr/include/linux/audit.h"
+%include "../lib/audit.h"
#define __extension__ /*nothing*/
%include <stdint.i>
- %include "../lib/libaudit.h"
+ %include "../lib/audit-records.h"
--
2.25.1
diff --git
a/meta-oe/recipes-security/audit/audit/0002-Replace-__attribute_malloc__-with-__attribute__-__ma.patch
b/meta-oe/recipes-security/audit/audit/0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch
similarity index 54%
rename from
meta-oe/recipes-security/audit/audit/0002-Replace-__attribute_malloc__-with-__attribute__-__ma.patch
rename to
meta-oe/recipes-security/audit/audit/0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch
index 7f0af74a8..b1f324f22 100644
---
a/meta-oe/recipes-security/audit/audit/0002-Replace-__attribute_malloc__-with-__attribute__-__ma.patch
+++
b/meta-oe/recipes-security/audit/audit/0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch
@@ -1,4 +1,4 @@
-From 679cb57fa93984fed345dd3890cdbcbaa24e8518 Mon Sep 17 00:00:00 2001
+From 88c9b2c5cebebf13f90890baebbadc60d9fe8d16 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.k...@gmail.com>
Date: Tue, 9 Aug 2022 23:57:03 -0700
Subject: [PATCH] Replace __attribute_malloc__ with __attribute__((__malloc__))
@@ -14,14 +14,28 @@ Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.k...@gmail.com>
---
- auparse/auparse.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ audisp/plugins/remote/queue.h | 2 +-
+ auparse/auparse.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+diff --git a/audisp/plugins/remote/queue.h b/audisp/plugins/remote/queue.h
+index 36b70d04..031507dc 100644
+--- a/audisp/plugins/remote/queue.h
++++ b/audisp/plugins/remote/queue.h
+@@ -53,7 +53,7 @@ void q_close(struct queue *q);
+ * On error, return NULL and set errno. */
+ struct queue *q_open(int q_flags, const char *path, size_t num_entries,
+ size_t entry_size)
+- __attribute_malloc__ __attr_dealloc (q_close, 1) __wur;
++ __attribute__((__malloc__)) __attr_dealloc (q_close, 1) __wur;
+
+ /* Add DATA to tail of Q. Return 0 on success, -1 on error and set errno. */
+ int q_append(struct queue *q, const char *data);
diff --git a/auparse/auparse.h b/auparse/auparse.h
-index 5cb7402e..39156eff 100644
+index c27f1ff9..87c52965 100644
--- a/auparse/auparse.h
+++ b/auparse/auparse.h
-@@ -54,7 +54,7 @@ typedef void (*auparse_callback_ptr)(auparse_state_t *au,
+@@ -55,7 +55,7 @@ typedef void (*auparse_callback_ptr)(auparse_state_t *au,
void auparse_destroy(auparse_state_t *au);
void auparse_destroy_ext(auparse_state_t *au, auparse_destroy_what_t what);
auparse_state_t *auparse_init(ausource_t source, const void *b)
diff --git
a/meta-oe/recipes-security/audit/audit/0002-Add-attribute-declarations.patch
b/meta-oe/recipes-security/audit/audit/0002-Add-attribute-declarations.patch
new file mode 100644
index 000000000..349142580
--- /dev/null
+++ b/meta-oe/recipes-security/audit/audit/0002-Add-attribute-declarations.patch
@@ -0,0 +1,35 @@
+From 64cb48e1e5137b8a389c7528e611617a98389bc7 Mon Sep 17 00:00:00 2001
+From: Steve Grubb <ausearc...@gmail.com>
+Date: Thu, 25 Jan 2024 15:14:51 -0500
+Subject: [PATCH] Add attribute declarations
+
+Upstream-Status: Backport
+[https://github.com/linux-audit/audit-userspace/commit/64cb48e1e5137b8a389c7528e611617a98389bc7]
+
+Signed-off-by: Yi Zhao <yi.z...@windriver.com>
+---
+ audisp/plugins/remote/queue.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/audisp/plugins/remote/queue.h b/audisp/plugins/remote/queue.h
+index 36b70d04..2c70e839 100644
+--- a/audisp/plugins/remote/queue.h
++++ b/audisp/plugins/remote/queue.h
+@@ -1,5 +1,5 @@
+ /* queue.h -- a queue abstraction
+- * Copyright 2009, 2011 Red Hat Inc., Durham, North Carolina.
++ * Copyright 2009, 2011 Red Hat Inc.
+ * All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+@@ -25,6 +25,7 @@
+ #define QUEUE_HEADER
+
+ #include <sys/types.h>
++#include "common.h" // attribute decls
+
+ struct queue;
+
+--
+2.25.1
+
diff --git a/meta-oe/recipes-security/audit/audit/auditd.service
b/meta-oe/recipes-security/audit/audit/auditd.service
deleted file mode 100644
index 06c63f0e5..000000000
--- a/meta-oe/recipes-security/audit/audit/auditd.service
+++ /dev/null
@@ -1,28 +0,0 @@
-[Unit]
-Description=Security Auditing Service
-DefaultDependencies=no
-After=local-fs.target systemd-tmpfiles-setup.service
-Before=sysinit.target shutdown.target
-Conflicts=shutdown.target
-ConditionKernelCommandLine=!audit=0
-
-[Service]
-Type=forking
-PIDFile=/run/auditd.pid
-ExecStart=/sbin/auditd
-## To use augenrules, uncomment the next line and comment/delete the auditctl
line.
-## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
-#ExecStartPost=-/sbin/augenrules --load
-ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
-# By default we don't clear the rules on exit.
-# To enable this, uncomment the next line.
-#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
-
-### Security Settings ###
-MemoryDenyWriteExecute=true
-LockPersonality=true
-ProtectControlGroups=true
-ProtectKernelModules=true
-
-[Install]
-WantedBy=multi-user.target
diff --git a/meta-oe/recipes-security/audit/audit_3.1.2.bb
b/meta-oe/recipes-security/audit/audit_3.1.2.bb
deleted file mode 100644
index 7136ed6a4..000000000
--- a/meta-oe/recipes-security/audit/audit_3.1.2.bb
+++ /dev/null
@@ -1,116 +0,0 @@
-SUMMARY = "User space tools for kernel auditing"
-DESCRIPTION = "The audit package contains the user space utilities for \
-storing and searching the audit records generated by the audit subsystem \
-in the Linux kernel."
-HOMEPAGE = "http://people.redhat.com/sgrubb/audit/";
-SECTION = "base"
-LICENSE = "GPL-2.0-or-later & LGPL-2.0-or-later"
-LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
-
-SRC_URI =
"git://github.com/linux-audit/${BPN}-userspace.git;branch=master;protocol=https
\
- file://0001-Fixed-swig-host-contamination-issue.patch \
-
file://0002-Replace-__attribute_malloc__-with-__attribute__-__ma.patch \
- file://auditd \
- file://auditd.service \
- file://audit-volatile.conf \
-"
-
-S = "${WORKDIR}/git"
-SRCREV = "572eb7d4fe926e7c1c52166d08e78af54877cbc5"
-
-inherit autotools python3targetconfig update-rc.d systemd
-
-UPDATERCPN = "auditd"
-INITSCRIPT_NAME = "auditd"
-INITSCRIPT_PARAMS = "defaults"
-
-SYSTEMD_PACKAGES = "auditd"
-SYSTEMD_SERVICE:auditd = "auditd.service"
-
-DEPENDS = "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native
python3-setuptools-native"
-
-EXTRA_OECONF = " --with-libwrap \
- --enable-gssapi-krb5=no \
- --with-libcap-ng=yes \
- --with-python3=yes \
- --libdir=${base_libdir} \
- --sbindir=${base_sbindir} \
- --without-python \
- --without-golang \
- --disable-zos-remote \
- --with-arm=yes \
- --with-aarch64=yes \
- "
-
-EXTRA_OEMAKE = "PYLIBVER='python${PYTHON_BASEVERSION}' \
- PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \
- pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \
- STDINC='${STAGING_INCDIR}' \
- pkgconfigdir=${libdir}/pkgconfig \
- "
-
-SUMMARY:audispd-plugins = "Plugins for the audit event dispatcher"
-DESCRIPTION:audispd-plugins = "The audispd-plugins package provides plugins
for the real-time \
-interface to the audit system, audispd. These plugins can do things \
-like relay events to remote machines or analyze events for suspicious \
-behavior."
-
-PACKAGES =+ "audispd-plugins"
-PACKAGES += "auditd ${PN}-python"
-
-FILES:${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1*
${base_libdir}/libauparse.so.*"
-FILES:auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/*
${datadir}/audit/*"
-FILES:audispd-plugins = "${sysconfdir}/audit/audisp-remote.conf \
- ${sysconfdir}/audit/plugins.d/au-remote.conf \
- ${sysconfdir}/audit/plugins.d/syslog.conf \
- ${base_sbindir}/audisp-remote \
- ${base_sbindir}/audisp-syslog \
- ${localstatedir}/spool/audit \
- "
-FILES:${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
-FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
-
-CONFFILES:auditd = "${sysconfdir}/audit/audit.rules"
-
-do_configure:prepend() {
- sed -e 's|buf\[];|buf[0];|g' ${STAGING_INCDIR}/linux/audit.h >
${S}/lib/audit.h
- sed -i -e 's|#include <linux/audit.h>|#include "audit.h"|g'
${S}/lib/libaudit.h
-}
-
-do_install:append() {
- sed -i -e 's|#include "audit.h"|#include <linux/audit.h>|g'
${D}${includedir}/libaudit.h
-
- rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
- rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
-
- # reuse auditd config
- [ ! -e ${D}/etc/default ] && mkdir ${D}/etc/default
- mv ${D}/etc/sysconfig/auditd ${D}/etc/default
- rmdir ${D}/etc/sysconfig/
-
- # replace init.d
- install -D -m 0755 ${WORKDIR}/auditd ${D}/etc/init.d/auditd
- rm -rf ${D}/etc/rc.d
-
- if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false',
d)}; then
- # install systemd unit files
- install -d ${D}${systemd_unitdir}/system
- install -m 0644 ${WORKDIR}/auditd.service
${D}${systemd_unitdir}/system
-
- install -d ${D}${sysconfdir}/tmpfiles.d/
- install -m 0644 ${WORKDIR}/audit-volatile.conf
${D}${sysconfdir}/tmpfiles.d/
- fi
-
- # audit-2.5 doesn't install any rules by default, so we do that here
- mkdir -p ${D}/etc/audit ${D}/etc/audit/rules.d
- cp ${S}/rules/10-base-config.rules ${D}/etc/audit/rules.d/audit.rules
-
- chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d
- chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules
-
- # Based on the audit.spec "Copy default rules into place on new
installation"
- cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
-
- # Create /var/spool/audit directory for audisp-remote
- install -m 0700 -d ${D}${localstatedir}/spool/audit
-}
diff --git a/meta-oe/recipes-security/audit/audit_4.0.bb
b/meta-oe/recipes-security/audit/audit_4.0.bb
new file mode 100644
index 000000000..c8ab0d880
--- /dev/null
+++ b/meta-oe/recipes-security/audit/audit_4.0.bb
@@ -0,0 +1,103 @@
+SUMMARY = "User space tools for kernel auditing"
+DESCRIPTION = "The audit package contains the user space utilities for \
+storing and searching the audit records generated by the audit subsystem \
+in the Linux kernel."
+HOMEPAGE = "http://people.redhat.com/sgrubb/audit/";
+SECTION = "base"
+LICENSE = "GPL-2.0-or-later & LGPL-2.0-or-later"
+LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
+
+SRC_URI =
"git://github.com/linux-audit/${BPN}-userspace.git;branch=master;protocol=https
\
+ file://0001-Fixed-swig-host-contamination-issue.patch \
+ file://0002-Add-attribute-declarations.patch \
+ file://auditd \
+ file://audit-volatile.conf \
+ "
+
+SRC_URI:append:libc-musl = "
file://0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch"
+
+S = "${WORKDIR}/git"
+SRCREV = "ae7d2830391c1115cebff6340ef3130b1b03ce45"
+
+inherit autotools python3targetconfig update-rc.d systemd
+
+UPDATERCPN = "auditd"
+INITSCRIPT_NAME = "auditd"
+INITSCRIPT_PARAMS = "defaults"
+
+SYSTEMD_PACKAGES = "auditd"
+SYSTEMD_SERVICE:auditd = "auditd.service audit-rules.service"
+
+DEPENDS = "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native
python3-setuptools-native coreutils-native"
+
+EXTRA_OECONF = " \
+ --with-libwrap \
+ --with-libcap-ng \
+ --with-python3 \
+ --with-arm \
+ --with-aarch64 \
+ --without-golang \
+ --disable-gssapi-krb5 \
+ --disable-zos-remote \
+ --sbindir=${base_sbindir} \
+ "
+
+EXTRA_OEMAKE = " \
+ PYTHON=python3 \
+ pythondir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \
+ pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \
+ STDINC='${STAGING_INCDIR}' \
+ "
+
+SUMMARY:audispd-plugins = "Plugins for the audit event dispatcher"
+DESCRIPTION:audispd-plugins = "The audispd-plugins package provides plugins
for the real-time \
+interface to the audit system, audispd. These plugins can do things \
+like relay events to remote machines or analyze events for suspicious \
+behavior."
+
+PACKAGES =+ "audispd-plugins"
+PACKAGES += "auditd ${PN}-python"
+
+FILES:${PN} = "${sysconfdir}/libaudit.conf ${libdir}/libau*.so.*"
+FILES:auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/*
${datadir}/audit-rules/* ${libexecdir}/*"
+FILES:audispd-plugins = "${sysconfdir}/audit/audisp-remote.conf \
+ ${sysconfdir}/audit/plugins.d/au-remote.conf \
+ ${sysconfdir}/audit/plugins.d/syslog.conf \
+ ${base_sbindir}/audisp-remote \
+ ${base_sbindir}/audisp-syslog \
+ ${localstatedir}/spool/audit \
+ "
+FILES:${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
+FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
+
+CONFFILES:auditd = "${sysconfdir}/audit/audit.rules"
+
+do_configure:prepend() {
+ sed -e 's|buf\[];|buf[0];|g' ${STAGING_INCDIR}/linux/audit.h >
${S}/lib/audit.h
+ sed -i -e 's|#include <linux/audit.h>|#include "audit.h"|g'
${S}/lib/libaudit.h
+}
+
+do_install:append() {
+ sed -i -e 's|#include "audit.h"|#include <linux/audit.h>|g'
${D}${includedir}/libaudit.h
+
+ # Install default rules
+ install -d -m 750 ${D}/etc/audit
+ install -d -m 750 ${D}/etc/audit/rules.d
+
+ install -m 0640 ${S}/rules/10-base-config.rules
${D}/etc/audit/rules.d/audit.rules
+
+ # Based on the audit.spec "Copy default rules into place on new
installation"
+ install -m 0640 ${D}/etc/audit/rules.d/audit.rules
${D}/etc/audit/audit.rules
+
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false',
d)}; then
+ install -D -m 0644 ${WORKDIR}/audit-volatile.conf
${D}${sysconfdir}/tmpfiles.d/audit.conf
+ fi
+
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false',
d)}; then
+ install -D -m 0755 ${WORKDIR}/auditd ${D}/etc/init.d/auditd
+ rm -rf ${D}${libdir}/systemd
+ fi
+
+ # Create /var/spool/audit directory for audisp-remote
+ install -d -m 0700 ${D}${localstatedir}/spool/audit
+}
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#109012):
https://lists.openembedded.org/g/openembedded-devel/message/109012
Mute This Topic: https://lists.openembedded.org/mt/104530928/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
