[PATCH] Audit: do not print error when SELinux disabled
Casey Schaufler
casey at schaufler-ca.com
Wed Oct 24 03:53:43 UTC 2012
On 10/23/2012 5:58 AM, Eric Paris wrote:
> RHBZ: 785936
> About to be posted upstream
>
> If the audit system collects a record about one process sending a signal
> to another process it includes in that collection the 'secid' or 'an int
> used to represet an SELinux label.' If SELinux is disabled it will
> collect a 0. The problem is that when we attempt to print that record
> we ask the LSM to convert the secid back to a string. Since there is no
> LSM it returns EOPNOTSUPP.
Err, what about Smack?
>
> Most code in the audit system checks if the secid is 0 and does not
> print LSM info in that case. The signal information code however forgot
> that check. Thus users will see a message in syslog indicating that
> converting the sid to string failed. Add the right check.
>
> Signed-off-by: Eric Paris <eparis at redhat.com>
>
> ---
>
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 857f2e2..1f5cc03 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -1195,12 +1195,14 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
>
> audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, auid,
> uid, sessionid);
> - if (security_secid_to_secctx(sid, &ctx, &len)) {
> - audit_log_format(ab, " obj=(none)");
> - rc = 1;
> - } else {
> - audit_log_format(ab, " obj=%s", ctx);
> - security_release_secctx(ctx, len);
> + if (sid) {
> + if (security_secid_to_secctx(sid, &ctx, &len)) {
> + audit_log_format(ab, " obj=(none)");
> + rc = 1;
> + } else {
> + audit_log_format(ab, " obj=%s", ctx);
> + security_release_secctx(ctx, len);
> + }
> }
> audit_log_format(ab, " ocomm=");
> audit_log_untrustedstring(ab, comm);
>
>
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
>
More information about the Linux-audit
mailing list