Commit d81165919ebf6e1cb9eeb612150f9287ad414659
Committed by
Al Viro
1 parent
939cbf260c
Exists in
master
and in
20 other branches
lsm: Use a compressed IPv6 string format in audit events
Currently the audit subsystem prints uncompressed IPv6 addresses which not only differs from common usage but also results in ridiculously large audit strings which is not a good thing. This patch fixes this by simply converting audit to always print compressed IPv6 addresses. Old message example: audit(1253576792.161:30): avc: denied { ingress } for saddr=0000:0000:0000:0000:0000:0000:0000:0001 src=5000 daddr=0000:0000:0000:0000:0000:0000:0000:0001 dest=35502 netif=lo scontext=system_u:object_r:unlabeled_t:s15:c0.c1023 tcontext=system_u:object_r:lo_netif_t:s0-s15:c0.c1023 tclass=netif New message example: audit(1253576792.161:30): avc: denied { ingress } for saddr=::1 src=5000 daddr=::1 dest=35502 netif=lo scontext=system_u:object_r:unlabeled_t:s15:c0.c1023 tcontext=system_u:object_r:lo_netif_t:s0-s15:c0.c1023 tclass=netif Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Showing 1 changed file with 1 additions and 1 deletions Side-by-side Diff
security/lsm_audit.c
... | ... | @@ -187,7 +187,7 @@ |
187 | 187 | char *name1, char *name2) |
188 | 188 | { |
189 | 189 | if (!ipv6_addr_any(addr)) |
190 | - audit_log_format(ab, " %s=%pI6", name1, addr); | |
190 | + audit_log_format(ab, " %s=%pI6c", name1, addr); | |
191 | 191 | if (port) |
192 | 192 | audit_log_format(ab, " %s=%d", name2, ntohs(port)); |
193 | 193 | } |