Add TTY input auditing, used to audit system administrator's actions. This is
required by various security standards such as DCID 6/3 and PCI to provide
non-repudiation of administrator's actions and to allow a review of past
actions if the administrator seems to overstep their duties or if the system
becomes misconfigured for unknown reasons. These requirements do not make it
necessary to audit TTY output as well.
Compared to an user-space keylogger, this approach records TTY input using the
audit subsystem, correlated with other audit events, and it is completely
transparent to the user-space application (e.g. the console ioctls still
work).
TTY input auditing works on a higher level than auditing all system calls
within the session, which would produce an overwhelming amount of mostly
useless audit events.
Add an "audit_tty" attribute, inherited across fork (). Data read from TTYs
by process with the attribute is sent to the audit subsystem by the kernel.
The audit netlink interface is extended to allow modifying the audit_tty
attribute, and to allow sending explanatory audit events from user-space (for
example, a shell might send an event containing the final command, after the
interactive command-line editing and history expansion is performed, which
might be difficult to decipher from the TTY input alone).
Because the "audit_tty" attribute is inherited across fork (), it would be set
e.g. for sshd restarted within an audited session. To prevent this, the
audit_tty attribute is cleared when a process with no open TTY file
descriptors (e.g. after daemon startup) opens a TTY.
See https://www.redhat.com/archives/linux-audit/2007-June/msg00000.html for a
more detailed rationale document for an older version of this patch.
[akpm@linux-foundation.org: build fix]
Signed-off-by: Miloslav Trmac <mitr@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Paul Fulghum <paulkf@microgate.com>
Cc: Casey Schaufler <casey@schaufler-ca.com>
Cc: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Rename config for TANBAC TB0219 GPIO support to something more appropriate.
Fixes this:
drivers/char/Kconfig:906:warning: type of 'TANBAC_TB0219' redefined from 'boolean' to 'tristate'
drivers/char/Kconfig:907:warning: choice values currently only support a single
prompt
Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Acked-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Currently ARM and MIPS both have nearly identical copies of the APM
emulation code in their arch code. Add yet another copy of it to
drivers char and make it selectable through SYS_SUPPORTS_APM_EMULATION.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Clone a new driver for moxa smartio devices by copying mxser.c to mxser_new.c
and mxser.h to mxser_new.h. No other changes are made.
This is for purposes of updating the driver to the latest vendor version.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
It's bitrotten, long unmaintained, long hidden under BROKEN_ON_SMP,
etc. As scheduled in feature-removal-schedule.txt, and ack'd several
times on lkml.
Signed-off-by: Jeff Garzik <jeff@garzik.org>
As per feature-removal-schedule.txt.
Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Acked-by: Alan Cox <alan@redhat.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
This can now be removed, since there is now a drivers/rtc/rtc-s3c.c driver.
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Implement the special memory driver (mspec) based on the do_no_pfn
approach. The driver is currently used only on SN2 hardware with special
fetchop support but could be beneficial on other architectures using the
uncached mode.
Signed-off-by: Jes Sorensen <jes@sgi.com>
Cc: Hugh Dickins <hugh@veritas.com>
Cc: Nick Piggin <nickpiggin@yahoo.com.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This driver uses the hvc_console.c infrastructure that is used by the
pSeries virtual and RTAS consoles. This will allow us to make viocons.c
obsolete and is another step along the way to a combined kernel (as
viocons could not coexist with CONFIG_VT).
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
This adds the driver for the Briq front panel. This is a cleaned up
version of a driver that has been floating around for some time now,
initially written by Karsten Jeppesen <karsten@jeppesens.com> and
cleaned up by jk and myself.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Replace the temp makefile hacks with proper CONFIG entries, which are also
added to Kconfig.
Signed-off-by: Jim Cromie <jim.cromie@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Add the brand new pc8736x_gpio driver. This is mostly based upon
scx200_gpio.c, but the platform_dev is treated separately, since its fairly
big too.
Signed-off-by: Jim Cromie <jim.cromie@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Add the nsc_gpio common-support module as an empty shell. Next patch starts
the migration of the common gpio support routines.
Signed-off-by: Jim Cromie <jim.cromie@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This patch series replaces the old non-generic Hardware Random Number
Generator support by a fully generic RNG API.
This makes it possible to register additional RNGs from modules. With this
patch series applied, Laptops with a bcm43xx chip (PowerBook) have a HW RNG
available now.
Additionally two new RNG drivers are added for the "ixp4xx" and "omap"
devices. (Written by Deepak Saxena). This patch series includes the old
patches by Deepak Saxena.
The old x86-rng driver has beed split.
The userspace RNG daemon can later be updated to select the RNG through
/sys/class/misc/hw_random/ for convenience. For now it is sufficient to use
cat and echo -n on the sysfs attributes.
Signed-off-by: Michael Buesch <mb@bu3sch.de>
Acked-by: Jeff Garzik <jeff@garzik.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
From: Milton Miller <miltonm@bga.com>
The add_preferred_console call in rtas_console.c was not causing the
console to be selected. It turns out that the add_preferred_console was
being called after the hvc_console driver was registered. It only works
when it is called before the console driver is registered.
Reorder hvc_console.o after the hvc_console drivers to allow the selection
during console_initcall processing.
Signed-off-by: Milton Miller <miltonm@bga.com>
Signed-off-by: Anton Blanchard <anton@samba.org>
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This patch updates VR4100 series RTC driver.
* This driver supports new RTC subsystem.
* Simple set time/read time test worked fine.
Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Current Cell hardware is using the console through a set
of rtas calls. This driver is needed to get console
output on those boards.
Signed-off-by: Arnd Bergmann <abergman@de.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
These are some updates from both Ryan and Arnd for the hvc_console
driver:
The main point is to enable the inclusion of a console driver
for rtas, which is currrently needed for the cell platform.
Also shuffle around some data-type declarations and moves some
functions out of include/asm-ppc64/hvconsole.h and into a new
drivers/char/hvc_console.h file.
Signed-off-by: "Ryan S. Arnold" <rsa@us.ibm.com>
Signed-off-by: Arnd Bergmann <abergman@de.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
this trivial patch tabifies drivers/char/Makefile for readability.
Signed-off-by: Jim Cromie <jim.cromie@gmail.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
used by this driver reside.
Renamed ip2.c to ip2base.c to allow ip2.o to be built from multiple
objects.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Acked-by: Michael H. Warfield <mhw@WittsEnd.com>
A simple driver for the CS5535 and CS5536 that allows a user-space program
to manipulate GPIO pins. The CS5535/CS5536 chips are Geode processor
companion devices.
Signed-off-by: Ben Gardner <bgardner@wabtec.com>
Signed-off-by: Richard Knutsson <ricknu-0@student.ltu.se>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
New character device driver for the SyncLink GT and SyncLink AC families of
synchronous and asynchronous serial adapters
Signed-off-by: Paul Fulghum <paulkf@microgate.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Remove all the vio device driver code from hvc_console.c
This will allow us to separate hvsi, hvc, and allow hvc_console to be used
without the ppc64 vio layer.
Signed-off-by: Milton Miller <miltonm@bga.com>
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
The following is an update of the patch I sent yesterday
(3/9/05) incorporating suggestions from Christoph Hellwig and
Andreas Schwab. It allows Altix and Altix-like systems to
handle environmental events generated by the system controllers,
and should apply on top of Jack Steiner's patch of 3/1/05 ("New
chipset support for SN platform") and Mark Goodwin's patch of
3/8/05 ("Altix SN topology support for new chipsets and pci
topology").
Signed-off-by: Greg Howard <ghoward@sgi.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
This patch is to provide CX port infrastructure for SGI TIO-based
h/w. Also a 'core services' driver for SGI FPGA-based h/w.
Signed-off-by: Bruce Losure <blosure@sgi.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.
Let it rip!