[PATCH] minor update to rule add/delete messages (ver 2)

I was looking at parsing some of these messages and found that I wanted what it was doing next to an op= for the parser to key on. Also missing was the list number and results. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

[PATCH] minor update to rule add/delete messages (ver 2)
I was looking at parsing some of these messages and found that I wanted what it was doing next to an op= for the parser to key on. Also missing was the list number and results. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Steve Grubb · Al Viro
1 parent 8a03d9a498
Showing 1 changed file with 5 additions and 4 deletions Side-by-side Diff
kernel/auditfilter.c
@@ -937,9 +937,10 @@
 		}
  
 		ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
-		audit_log_format(ab, "audit updated rules specifying path=");
+		audit_log_format(ab, "op=updated rules specifying path=");
 		audit_log_untrustedstring(ab, owatch->path);
 		audit_log_format(ab, " with dev=%u ino=%lu\n", dev, ino);
+		audit_log_format(ab, " list=%d res=1", r->listnr);
 		audit_log_end(ab);
  
 		audit_remove_watch(owatch);
  
@@ -969,14 +970,14 @@
 			e = container_of(r, struct audit_entry, rule);
  
 			ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
-			audit_log_format(ab, "audit implicitly removed rule path=");
+			audit_log_format(ab, "op=remove rule path=");
 			audit_log_untrustedstring(ab, w->path);
 			if (r->filterkey) {
 				audit_log_format(ab, " key=");
 				audit_log_untrustedstring(ab, r->filterkey);
 			} else
 				audit_log_format(ab, " key=(null)");
-			audit_log_format(ab, " list=%d", r->listnr);
+			audit_log_format(ab, " list=%d res=1", r->listnr);
 			audit_log_end(ab);
  
 			list_del(&r->rlist);
@@ -1410,7 +1411,7 @@
 			audit_log_format(ab, " subj=%s", ctx);
 		kfree(ctx);
 	}
-	audit_log_format(ab, " %s rule key=", action);
+	audit_log_format(ab, " op=%s rule key=", action);
 	if (rule->filterkey)
 		audit_log_untrustedstring(ab, rule->filterkey);
 	else
...	...	@@ -937,9 +937,10 @@
937	937	}
938	938
939	939	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
940		- audit_log_format(ab, "audit updated rules specifying path=");
	940	+ audit_log_format(ab, "op=updated rules specifying path=");
941	941	audit_log_untrustedstring(ab, owatch->path);
942	942	audit_log_format(ab, " with dev=%u ino=%lu\n", dev, ino);
	943	+ audit_log_format(ab, " list=%d res=1", r->listnr);
943	944	audit_log_end(ab);
944	945
945	946	audit_remove_watch(owatch);
946	947
...	...	@@ -969,14 +970,14 @@
969	970	e = container_of(r, struct audit_entry, rule);
970	971
971	972	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
972		- audit_log_format(ab, "audit implicitly removed rule path=");
	973	+ audit_log_format(ab, "op=remove rule path=");
973	974	audit_log_untrustedstring(ab, w->path);
974	975	if (r->filterkey) {
975	976	audit_log_format(ab, " key=");
976	977	audit_log_untrustedstring(ab, r->filterkey);
977	978	} else
978	979	audit_log_format(ab, " key=(null)");
979		- audit_log_format(ab, " list=%d", r->listnr);
	980	+ audit_log_format(ab, " list=%d res=1", r->listnr);
980	981	audit_log_end(ab);
981	982
982	983	list_del(&r->rlist);
...	...	@@ -1410,7 +1411,7 @@
1410	1411	audit_log_format(ab, " subj=%s", ctx);
1411	1412	kfree(ctx);
1412	1413	}
1413		- audit_log_format(ab, " %s rule key=", action);
	1414	+ audit_log_format(ab, " op=%s rule key=", action);
1414	1415	if (rule->filterkey)
1415	1416	audit_log_untrustedstring(ab, rule->filterkey);
1416	1417	else