[PATCH] selinux: print leading 0x on ioctlcmd audits

William Roberts bill.c.roberts at gmail.com
Thu Jul 14 23:18:54 UTC 2016 

On Thu, Jul 14, 2016 at 3:17 PM, Paul Moore <paul at paul-moore.com> wrote:

> On Thu, Jul 14, 2016 at 3:29 PM,  <william.c.roberts at intel.com> wrote:
> > From: William Roberts <william.c.roberts at intel.com>
> >
> > ioctlcmd is currently printing hex numbers, but their is no leading
> > 0x. Thus things like ioctlcmd=1234 are misleading, as the base is
> > not evident.
> >
> > Correct this by adding 0x as a prefix, so ioctlcmd=1234 becomes
> ioctlcmd=0x1234.
> >
> > Signed-off-by: William Roberts <william.c.roberts at intel.com>
> > ---
> >  security/lsm_audit.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
>
> NOTE: adding Steve Grubb and the audit mailing list to the CC line
>
> Like it or not, I believe the general standard/convention when it
> comes to things like this is to leave off the "0x" prefix; the idea
> being that is saves precious space in the audit logs and the value is
> only ever going to be in hex anyway.
>

Is it always in hex, what about pid?


>
> > diff --git a/security/lsm_audit.c b/security/lsm_audit.c
> > index cccbf30..82e4dbb 100644
> > --- a/security/lsm_audit.c
> > +++ b/security/lsm_audit.c
> > @@ -257,7 +257,7 @@ static void dump_common_audit_data(struct
> audit_buffer *ab,
> >                         audit_log_format(ab, " ino=%lu", inode->i_ino);
> >                 }
> >
> > -               audit_log_format(ab, " ioctlcmd=%hx", a->u.op->cmd);
> > +               audit_log_format(ab, " ioctlcmd=0x%hx", a->u.op->cmd);
> >                 break;
> >         }
> >         case LSM_AUDIT_DATA_DENTRY: {
> > --
> > 1.9.1
> >
> > _______________________________________________
> > Selinux mailing list
> > Selinux at tycho.nsa.gov
> > To unsubscribe, send email to Selinux-leave at tycho.nsa.gov.
> > To get help, send an email containing "help" to
> Selinux-request at tycho.nsa.gov.
>
> --
> paul moore
> www.paul-moore.com
> _______________________________________________
> Selinux mailing list
> Selinux at tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave at tycho.nsa.gov.
> To get help, send an email containing "help" to
> Selinux-request at tycho.nsa.gov.
>



-- 
Respectfully,

William C Roberts
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20160714/31f00919/attachment.htm>

More information about the Linux-audit mailing list