Commit 036bbf76ad9f83781590623111b80ba0b82930ac
Committed by
Al Viro
1 parent
1d6c9649e2
Exists in
master
and in
4 other branches
Re: [PATCH] the loginuid field should be output in all AUDIT_CONFIG_CHANGE audit messages
> shouldn't these be using the "audit_get_loginuid(current)" and if we > are going to output loginuid we also should be outputting sessionid Thanks for your detailed explanation. I have made a new patch for outputing "loginuid" and "sessionid" by audit_get_loginuid(current) and audit_get_sessionid(current). If there are some deficiencies, please give me your indication. Signed-off-by: Zhang Xiliang <zhangxiliang@cn.fujitsu.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Showing 1 changed file with 8 additions and 2 deletions Side-by-side Diff
kernel/auditfilter.c
... | ... | @@ -1022,8 +1022,11 @@ |
1022 | 1022 | struct audit_buffer *ab; |
1023 | 1023 | ab = audit_log_start(NULL, GFP_KERNEL, |
1024 | 1024 | AUDIT_CONFIG_CHANGE); |
1025 | + audit_log_format(ab, "auid=%u ses=%u", | |
1026 | + audit_get_loginuid(current), | |
1027 | + audit_get_sessionid(current)); | |
1025 | 1028 | audit_log_format(ab, |
1026 | - "op=updated rules specifying path="); | |
1029 | + " op=updated rules specifying path="); | |
1027 | 1030 | audit_log_untrustedstring(ab, owatch->path); |
1028 | 1031 | audit_log_format(ab, " with dev=%u ino=%lu\n", |
1029 | 1032 | dev, ino); |
... | ... | @@ -1058,7 +1061,10 @@ |
1058 | 1061 | struct audit_buffer *ab; |
1059 | 1062 | ab = audit_log_start(NULL, GFP_KERNEL, |
1060 | 1063 | AUDIT_CONFIG_CHANGE); |
1061 | - audit_log_format(ab, "op=remove rule path="); | |
1064 | + audit_log_format(ab, "auid=%u ses=%u", | |
1065 | + audit_get_loginuid(current), | |
1066 | + audit_get_sessionid(current)); | |
1067 | + audit_log_format(ab, " op=remove rule path="); | |
1062 | 1068 | audit_log_untrustedstring(ab, w->path); |
1063 | 1069 | if (r->filterkey) { |
1064 | 1070 | audit_log_format(ab, " key="); |