[PATCH] Fix AUDIT_MAC_POLICY_LOAD event formatting
Steve Grubb
sgrubb at redhat.com
Mon Nov 21 17:30:45 UTC 2016
The AUDIT_MAC_POLICY_LOAD event has dangling text that means the same thing
as the event type and is missing the uid and results field. The bigger issue
is that in some failure cases no event is emitted. This patch fixes the noted
problems.
Signed-off-by: Steve Grubb <sgrubb at redhat.com>
---
--- vanilla-4.9-rc5.orig/security/selinux/selinuxfs.c 2016-11-16 15:16:34.738723900 -0500
+++ linux-4.9.0-0.rc5.git0.1.fc24.x86_64/security/selinux/selinuxfs.c 2016-11-21 12:16:08.046787604 -0500
@@ -494,6 +494,7 @@ static ssize_t sel_write_load(struct fil
{
ssize_t length;
void *data = NULL;
+ unsigned int result = 0;
mutex_lock(&sel_mutex);
@@ -525,24 +526,26 @@ static ssize_t sel_write_load(struct fil
length = sel_make_bools();
if (length)
- goto out1;
+ goto out;
length = sel_make_classes();
if (length)
- goto out1;
+ goto out;
length = sel_make_policycap();
if (length)
- goto out1;
+ goto out;
length = count;
+ result = 1;
-out1:
+out:
audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
- "policy loaded auid=%u ses=%u",
+ "uid=%u auid=%u ses=%u res=%u",
+ from_kuid(&init_user_ns, task_uid(current)),
from_kuid(&init_user_ns, audit_get_loginuid(current)),
- audit_get_sessionid(current));
-out:
+ audit_get_sessionid(current), result);
+
mutex_unlock(&sel_mutex);
vfree(data);
return length;
More information about the Linux-audit
mailing list