seccomp: Configurable separator for the actions_logged string

The function that converts a bitmask of seccomp actions that are
allowed to be logged is currently only used for constructing the display
string for the kernel.seccomp.actions_logged sysctl. That string wants a
space character to be used for the separator between actions.

A future patch will make use of the same function for building a string
that will be sent to the audit subsystem for tracking modifications to
the kernel.seccomp.actions_logged sysctl. That string will need to use a
comma as a separator. This patch allows the separator character to be
configurable to meet both needs.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Tyler Hicks 2018-05-04 01:08:13 +00:00 committed by Paul Moore
parent d013db0294
commit beb44acaf0

View File

@ -1135,10 +1135,11 @@ static const struct seccomp_log_name seccomp_log_names[] = {
}; };
static bool seccomp_names_from_actions_logged(char *names, size_t size, static bool seccomp_names_from_actions_logged(char *names, size_t size,
u32 actions_logged) u32 actions_logged,
const char *sep)
{ {
const struct seccomp_log_name *cur; const struct seccomp_log_name *cur;
bool append_space = false; bool append_sep = false;
for (cur = seccomp_log_names; cur->name && size; cur++) { for (cur = seccomp_log_names; cur->name && size; cur++) {
ssize_t ret; ssize_t ret;
@ -1146,15 +1147,15 @@ static bool seccomp_names_from_actions_logged(char *names, size_t size,
if (!(actions_logged & cur->log)) if (!(actions_logged & cur->log))
continue; continue;
if (append_space) { if (append_sep) {
ret = strscpy(names, " ", size); ret = strscpy(names, sep, size);
if (ret < 0) if (ret < 0)
return false; return false;
names += ret; names += ret;
size -= ret; size -= ret;
} else } else
append_space = true; append_sep = true;
ret = strscpy(names, cur->name, size); ret = strscpy(names, cur->name, size);
if (ret < 0) if (ret < 0)
@ -1208,7 +1209,7 @@ static int read_actions_logged(struct ctl_table *ro_table, void __user *buffer,
memset(names, 0, sizeof(names)); memset(names, 0, sizeof(names));
if (!seccomp_names_from_actions_logged(names, sizeof(names), if (!seccomp_names_from_actions_logged(names, sizeof(names),
seccomp_actions_logged)) seccomp_actions_logged, " "))
return -EINVAL; return -EINVAL;
table = *ro_table; table = *ro_table;