Commit 036bbf76ad9f83781590623111b80ba0b82930ac

Authored by zhangxiliang
Committed by Al Viro
1 parent 1d6c9649e2

Re: [PATCH] the loginuid field should be output in all AUDIT_CONFIG_CHANGE audit messages

> shouldn't these be using the "audit_get_loginuid(current)"  and if we
> are going to output loginuid we also should be outputting sessionid

Thanks for your detailed explanation.
I have made a new patch for outputting "loginuid" and "sessionid" by audit_get_loginuid(current) and audit_get_sessionid(current).
If there are some deficiencies, please give me your indication.

Signed-off-by: Zhang Xiliang <zhangxiliang@cn.fujitsu.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Showing 1 changed file with 8 additions and 2 deletions

kernel/auditfilter.c
... ... @@ -1022,8 +1022,11 @@
1022 1022 struct audit_buffer *ab;
1023 1023 ab = audit_log_start(NULL, GFP_KERNEL,
1024 1024 AUDIT_CONFIG_CHANGE);
  1025 + audit_log_format(ab, "auid=%u ses=%u",
  1026 + audit_get_loginuid(current),
  1027 + audit_get_sessionid(current));
1025 1028 audit_log_format(ab,
1026   - "op=updated rules specifying path=");
  1029 + " op=updated rules specifying path=");
1027 1030 audit_log_untrustedstring(ab, owatch->path);
1028 1031 audit_log_format(ab, " with dev=%u ino=%lu\n",
1029 1032 dev, ino);
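Review bot: The auid and ses values added at new lines 1025-1027 come only from current, because the record is opened with audit_log_start(NULL, ...) and carries no audit context. If this "updated rules" path can run on behalf of a task other than the one that edited the rule set, the record will attribute the configuration change to that task. Please add a comment stating which task current is expected to be here, or confirm it in the changelog. As a smaller point, the new call and the following " op=updated rules specifying path=" call can be merged into a single audit_log_format() so that the separator between ses= and op= does not depend on a leading space in the next format string.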
... ... @@ -1058,7 +1061,10 @@
1058 1061 struct audit_buffer *ab;
1059 1062 ab = audit_log_start(NULL, GFP_KERNEL,
1060 1063 AUDIT_CONFIG_CHANGE);
1061   - audit_log_format(ab, "op=remove rule path=");
  1064 + audit_log_format(ab, "auid=%u ses=%u",
  1065 + audit_get_loginuid(current),
  1066 + audit_get_sessionid(current));
  1067 + audit_log_format(ab, " op=remove rule path=");
1062 1068 audit_log_untrustedstring(ab, w->path);
1063 1069 if (r->filterkey) {
1064 1070 audit_log_format(ab, " key=");
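Review bot: The three lines added at new lines 1064-1066 are an exact copy of the ones added in the previous hunk, so each AUDIT_CONFIG_CHANGE call site now open-codes the same prefix. A small helper in this file that emits "auid=%u ses=%u" from audit_get_loginuid(current) and audit_get_sessionid(current) would keep the field order and format identical for log parsers and make it harder to miss a site later. The subject says the fields should appear in all AUDIT_CONFIG_CHANGE messages, yet only two sites in kernel/auditfilter.c are touched; please state in the changelog whether any other emitters of this record type already print auid and ses or still need the same change.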