Commit Graph

30 Commits

Author SHA1 Message Date
Miloslav Trmac 522ed7767e Audit: add TTY input auditing
Add TTY input auditing, used to audit system administrator's actions.  This is
required by various security standards such as DCID 6/3 and PCI to provide
non-repudiation of administrator's actions and to allow a review of past
actions if the administrator seems to overstep their duties or if the system
becomes misconfigured for unknown reasons.  These requirements do not make it
necessary to audit TTY output as well.

Compared to an user-space keylogger, this approach records TTY input using the
audit subsystem, correlated with other audit events, and it is completely
transparent to the user-space application (e.g.  the console ioctls still
work).

TTY input auditing works on a higher level than auditing all system calls
within the session, which would produce an overwhelming amount of mostly
useless audit events.

Add an "audit_tty" attribute, inherited across fork ().  Data read from TTYs
by process with the attribute is sent to the audit subsystem by the kernel.
The audit netlink interface is extended to allow modifying the audit_tty
attribute, and to allow sending explanatory audit events from user-space (for
example, a shell might send an event containing the final command, after the
interactive command-line editing and history expansion is performed, which
might be difficult to decipher from the TTY input alone).

Because the "audit_tty" attribute is inherited across fork (), it would be set
e.g.  for sshd restarted within an audited session.  To prevent this, the
audit_tty attribute is cleared when a process with no open TTY file
descriptors (e.g.  after daemon startup) opens a TTY.

See https://www.redhat.com/archives/linux-audit/2007-June/msg00000.html for a
more detailed rationale document for an older version of this patch.

[akpm@linux-foundation.org: build fix]
Signed-off-by: Miloslav Trmac <mitr@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Paul Fulghum <paulkf@microgate.com>
Cc: Casey Schaufler <casey@schaufler-ca.com>
Cc: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-16 09:05:47 -07:00
Yoichi Yuasa 0976251676 rename TANBAC TB0219 config
Rename config for TANBAC TB0219 GPIO support to something more appropriate.

Fixes this:

drivers/char/Kconfig:906:warning: type of 'TANBAC_TB0219' redefined from 'boolean' to 'tristate'
drivers/char/Kconfig:907:warning: choice values currently only support a single
prompt

Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Acked-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-07 12:13:04 -07:00
Ralf Baechle 7726942fb1 [APM] Add shared version of APM emulation
Currently ARM and MIPS both have nearly identical copies of the APM
emulation code in their arch code.  Add yet another copy of it to
drivers char and make it selectable through SYS_SUPPORTS_APM_EMULATION.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2007-02-09 17:08:57 +00:00
Ishizaki Kou 3cdc20e517 [POWERPC] Celleb: hypervisor console driver
This patch adds hypervisor console driver for Celleb platform.

Signed-off-by: Kou Ishizaki <kou.ishizaki@toshiba.co.jp>
Signed-off-by: Paul Mackerras <paulus@samba.org>
2007-02-07 14:03:21 +11:00
Jiri Slaby 037ad48bdb [PATCH] mxser: make an experimental clone
Clone a new driver for moxa smartio devices by copying mxser.c to mxser_new.c
and mxser.h to mxser_new.h.  No other changes are made.

This is for purposes of updating the driver to the latest vendor version.

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-08 08:28:53 -08:00
Jeff Garzik d916faace3 Remove long-unmaintained ftape driver subsystem.
It's bitrotten, long unmaintained, long hidden under BROKEN_ON_SMP,
etc.  As scheduled in feature-removal-schedule.txt, and ack'd several
times on lkml.

Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-12-03 22:22:41 -05:00
Yoichi Yuasa af8b128719 [MIPS] Remove IT8172-based platforms, ITE 8172G and Globespan IVR support.
As per feature-removal-schedule.txt.

Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Acked-by: Alan Cox <alan@redhat.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-10-03 17:59:17 +01:00
Ben Dooks d202a6c088 [PATCH] Remove old drivers/char/s3c2410_rtc.c
This can now be removed, since there is now a drivers/rtc/rtc-s3c.c driver.

Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-09-29 09:18:13 -07:00
Jes Sorensen 17a3b05047 [PATCH] mspec driver
Implement the special memory driver (mspec) based on the do_no_pfn
approach.  The driver is currently used only on SN2 hardware with special
fetchop support but could be beneficial on other architectures using the
uncached mode.

Signed-off-by: Jes Sorensen <jes@sgi.com>
Cc: Hugh Dickins <hugh@veritas.com>
Cc: Nick Piggin <nickpiggin@yahoo.com.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-09-27 08:26:13 -07:00
Stephen Rothwell 8bff05b052 [POWERPC] iseries: A new iSeries console
This driver uses the hvc_console.c infrastructure that is used by the
pSeries virtual and RTAS consoles.  This will allow us to make viocons.c
obsolete and is another step along the way to a combined kernel (as
viocons could not coexist with CONFIG_VT).

Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
2006-07-13 18:51:22 +10:00
Benjamin Herrenschmidt a45b83957d [POWERPC] Add support for briq front panel
This adds the driver for the Briq front panel. This is a cleaned up
version of a driver that has been floating around for some time now,
initially written by Karsten Jeppesen <karsten@jeppesens.com> and
cleaned up by jk and myself.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-07-07 20:19:16 +10:00
Jim Cromie 7a8e2a5ea4 [PATCH] chardev: GPIO for SCx200 & PC-8736x: add proper Kconfig, Makefile entries
Replace the temp makefile hacks with proper CONFIG entries, which are also
added to Kconfig.

Signed-off-by: Jim Cromie <jim.cromie@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-06-27 17:32:43 -07:00
Jim Cromie 681a3e7dab [PATCH] chardev: GPIO for SCx200 & PC-8736x: add new pc8736x_gpio module
Add the brand new pc8736x_gpio driver.  This is mostly based upon
scx200_gpio.c, but the platform_dev is treated separately, since its fairly
big too.

Signed-off-by: Jim Cromie <jim.cromie@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-06-27 17:32:43 -07:00
Jim Cromie 1ca5df0a4c [PATCH] chardev: GPIO for SCx200 & PC-8736x: add empty common-module
Add the nsc_gpio common-support module as an empty shell.  Next patch starts
the migration of the common gpio support routines.

Signed-off-by: Jim Cromie <jim.cromie@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-06-27 17:32:42 -07:00
Michael Buesch 844dd05fec [PATCH] Add new generic HW RNG core
Signed-off-by: Michael Buesch <mb@bu3sch.de>
Cc: Jeff Garzik <jeff@garzik.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-06-26 09:58:19 -07:00
Michael Buesch 59f5d35f83 [PATCH] Remove old HW RNG support
This patch series replaces the old non-generic Hardware Random Number
Generator support by a fully generic RNG API.

This makes it possible to register additional RNGs from modules.  With this
patch series applied, Laptops with a bcm43xx chip (PowerBook) have a HW RNG
available now.

Additionally two new RNG drivers are added for the "ixp4xx" and "omap"
devices.  (Written by Deepak Saxena).  This patch series includes the old
patches by Deepak Saxena.

The old x86-rng driver has beed split.

The userspace RNG daemon can later be updated to select the RNG through
/sys/class/misc/hw_random/ for convenience.  For now it is sufficient to use
cat and echo -n on the sysfs attributes.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Acked-by: Jeff Garzik <jeff@garzik.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-06-26 09:58:19 -07:00
Milton Miller 938473b246 [PATCH] powerpc: console_initcall ordering issues
From: Milton Miller <miltonm@bga.com>

The add_preferred_console call in rtas_console.c was not causing the
console to be selected.  It turns out that the add_preferred_console was
being called after the hvc_console driver was registered.  It only works
when it is called before the console driver is registered.

Reorder hvc_console.o after the hvc_console drivers to allow the selection
during console_initcall processing.

Signed-off-by: Milton Miller <miltonm@bga.com>
Signed-off-by: Anton Blanchard <anton@samba.org>
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-06-10 11:02:05 -07:00
Yoichi Yuasa 8417eb7a16 [PATCH] RTC subsystem: VR41XX driver
This patch updates VR4100 series RTC driver.

* This driver supports new RTC subsystem.
* Simple set time/read time test worked fine.

Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-11 06:18:47 -07:00
Arnd Bergmann f4d1749e95 [PATCH] powerpc: add hvc backend for rtas
Current Cell hardware is using the console through a set
of rtas calls. This driver is needed to get console
output on those boards.

Signed-off-by: Arnd Bergmann <abergman@de.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-03-28 16:45:28 +11:00
Ryan S. Arnold 45d607ed92 [PATCH] powerpc: hvc_console updates
These are some updates from both Ryan and Arnd for the hvc_console
driver:

The main point is to enable the inclusion of a console driver
for rtas, which is currrently needed for the cell platform.

Also shuffle around some data-type declarations and moves some
functions out of include/asm-ppc64/hvconsole.h and into a new
drivers/char/hvc_console.h file.

Signed-off-by: "Ryan S. Arnold" <rsa@us.ibm.com>
Signed-off-by: Arnd Bergmann <abergman@de.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-03-28 16:45:26 +11:00
Jim Cromie 5381315801 tabify drivers/char/Makefile
this trivial patch tabifies drivers/char/Makefile for readability.

Signed-off-by: Jim Cromie  <jim.cromie@gmail.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
2006-03-24 18:10:34 +01:00
Adrian Bunk 9c4b562abc Move ip2.c and ip2main.c to drivers/char/ip2/ where the other files
used by this driver reside.

Renamed ip2.c to ip2base.c to allow ip2.o to be built from multiple
objects.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Acked-by: Michael H. Warfield <mhw@WittsEnd.com>
2006-01-19 18:07:10 +01:00
Ben Gardner e329113ca4 [PATCH] i386: GPIO driver for AMD CS5535/CS5536
A simple driver for the CS5535 and CS5536 that allows a user-space program
to manipulate GPIO pins.  The CS5535/CS5536 chips are Geode processor
companion devices.

Signed-off-by: Ben Gardner <bgardner@wabtec.com>
Signed-off-by: Richard Knutsson <ricknu-0@student.ltu.se>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-01-10 08:01:24 -08:00
Paul Fulghum 705b6c7b34 [PATCH] new driver synclink_gt
New character device driver for the SyncLink GT and SyncLink AC families of
synchronous and asynchronous serial adapters

Signed-off-by: Paul Fulghum <paulkf@microgate.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-01-08 20:13:45 -08:00
Mark Gross 1a80ba8827 [PATCH] Telecom Clock Driver for MPCBL0010 ATCA computer blade
Signed-off-by: Mark Gross <mgross@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-10-30 17:37:25 -08:00
Milton Miller acad9559f1 [PATCH] hvc_console: Separate hvc_console and vio code 2
Remove all the vio device driver code from hvc_console.c

This will allow us to separate hvsi, hvc, and allow hvc_console to be used
without the ppc64 vio layer.

Signed-off-by: Milton Miller <miltonm@bga.com>
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-07 18:23:39 -07:00
Yoichi Yuasa e400bae984 [PATCH] mips: add vr41xx gpio support
Add vr41xx gpio support.

Signed-off-by: Yoichi Yuasa <yuasa@hh.iij4u.or.jp>
Cc: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-21 18:46:32 -07:00
Greg Howard 67639deb09 [IA64] Altix system controller event handling
The following is an update of the patch I sent yesterday
(3/9/05) incorporating suggestions from Christoph Hellwig and
Andreas Schwab.  It allows Altix and Altix-like systems to
handle environmental events generated by the system controllers,
and should apply on top of Jack Steiner's patch of 3/1/05 ("New
chipset support for SN platform") and Mark Goodwin's patch of
3/8/05 ("Altix SN topology support for new chipsets and pci
topology").

Signed-off-by: Greg Howard <ghoward@sgi.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
2005-04-25 13:28:52 -07:00
Bruce Losure e1e19747ec [IA64-SGI] Bus driver for the CX port of SGI's TIO chip.
This patch is to provide CX port infrastructure for SGI TIO-based
h/w.   Also a 'core services' driver for SGI FPGA-based h/w.
                                                                                
Signed-off-by: Bruce Losure <blosure@sgi.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
2005-04-25 13:09:41 -07:00
Linus Torvalds 1da177e4c3 Linux-2.6.12-rc2
Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.

Let it rip!
2005-04-16 15:20:36 -07:00