aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Woodhouse <dwmw2@shinybook.infradead.org>2005-05-23 16:35:28 -0400
committerDavid Woodhouse <dwmw2@shinybook.infradead.org>2005-05-23 16:35:28 -0400
commitbccf6ae083318ea08094d6ab185fdf7c49906b3a (patch)
tree0dc4fabe9004aa666e646c69e976fda989c08565
parentbfb4496e7239c9132d732a65cdcf3d6a7431ad1a (diff)
AUDIT: Unify auid reporting, put arch before syscall number
These changes make processing of audit logs easier. Based on a patch from Steve Grubb <sgrubb@redhat.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
-rw-r--r--kernel/audit.c10
-rw-r--r--kernel/auditsc.c8
2 files changed, 9 insertions, 9 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 35306f4369e..ef35166fdc2 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -234,7 +234,7 @@ static int audit_set_rate_limit(int limit, uid_t loginuid)
234 int old = audit_rate_limit; 234 int old = audit_rate_limit;
235 audit_rate_limit = limit; 235 audit_rate_limit = limit;
236 audit_log(NULL, AUDIT_CONFIG_CHANGE, 236 audit_log(NULL, AUDIT_CONFIG_CHANGE,
237 "audit_rate_limit=%d old=%d by auid %u", 237 "audit_rate_limit=%d old=%d by auid=%u",
238 audit_rate_limit, old, loginuid); 238 audit_rate_limit, old, loginuid);
239 return old; 239 return old;
240} 240}
@@ -244,7 +244,7 @@ static int audit_set_backlog_limit(int limit, uid_t loginuid)
244 int old = audit_backlog_limit; 244 int old = audit_backlog_limit;
245 audit_backlog_limit = limit; 245 audit_backlog_limit = limit;
246 audit_log(NULL, AUDIT_CONFIG_CHANGE, 246 audit_log(NULL, AUDIT_CONFIG_CHANGE,
247 "audit_backlog_limit=%d old=%d by auid %u", 247 "audit_backlog_limit=%d old=%d by auid=%u",
248 audit_backlog_limit, old, loginuid); 248 audit_backlog_limit, old, loginuid);
249 return old; 249 return old;
250} 250}
@@ -256,7 +256,7 @@ static int audit_set_enabled(int state, uid_t loginuid)
256 return -EINVAL; 256 return -EINVAL;
257 audit_enabled = state; 257 audit_enabled = state;
258 audit_log(NULL, AUDIT_CONFIG_CHANGE, 258 audit_log(NULL, AUDIT_CONFIG_CHANGE,
259 "audit_enabled=%d old=%d by auid %u", 259 "audit_enabled=%d old=%d by auid=%u",
260 audit_enabled, old, loginuid); 260 audit_enabled, old, loginuid);
261 return old; 261 return old;
262} 262}
@@ -270,7 +270,7 @@ static int audit_set_failure(int state, uid_t loginuid)
270 return -EINVAL; 270 return -EINVAL;
271 audit_failure = state; 271 audit_failure = state;
272 audit_log(NULL, AUDIT_CONFIG_CHANGE, 272 audit_log(NULL, AUDIT_CONFIG_CHANGE,
273 "audit_failure=%d old=%d by auid %u", 273 "audit_failure=%d old=%d by auid=%u",
274 audit_failure, old, loginuid); 274 audit_failure, old, loginuid);
275 return old; 275 return old;
276} 276}
@@ -424,7 +424,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
424 int old = audit_pid; 424 int old = audit_pid;
425 audit_pid = status_get->pid; 425 audit_pid = status_get->pid;
426 audit_log(NULL, AUDIT_CONFIG_CHANGE, 426 audit_log(NULL, AUDIT_CONFIG_CHANGE,
427 "audit_pid=%d old=%d by auid %u", 427 "audit_pid=%d old=%d by auid=%u",
428 audit_pid, old, loginuid); 428 audit_pid, old, loginuid);
429 } 429 }
430 if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) 430 if (status_get->mask & AUDIT_STATUS_RATE_LIMIT)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 74c2ae804ca..5fc4f52d218 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -307,7 +307,7 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
307 if (!err && (flags & AUDIT_AT_EXIT)) 307 if (!err && (flags & AUDIT_AT_EXIT))
308 err = audit_add_rule(entry, &audit_extlist); 308 err = audit_add_rule(entry, &audit_extlist);
309 audit_log(NULL, AUDIT_CONFIG_CHANGE, 309 audit_log(NULL, AUDIT_CONFIG_CHANGE,
310 "auid %u added an audit rule\n", loginuid); 310 "auid=%u added an audit rule\n", loginuid);
311 break; 311 break;
312 case AUDIT_DEL: 312 case AUDIT_DEL:
313 flags =((struct audit_rule *)data)->flags; 313 flags =((struct audit_rule *)data)->flags;
@@ -318,7 +318,7 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
318 if (!err && (flags & AUDIT_AT_EXIT)) 318 if (!err && (flags & AUDIT_AT_EXIT))
319 err = audit_del_rule(data, &audit_extlist); 319 err = audit_del_rule(data, &audit_extlist);
320 audit_log(NULL, AUDIT_CONFIG_CHANGE, 320 audit_log(NULL, AUDIT_CONFIG_CHANGE,
321 "auid %u removed an audit rule\n", loginuid); 321 "auid=%u removed an audit rule\n", loginuid);
322 break; 322 break;
323 default: 323 default:
324 return -EINVAL; 324 return -EINVAL;
@@ -678,10 +678,10 @@ static void audit_log_exit(struct audit_context *context)
678 ab = audit_log_start(context, AUDIT_SYSCALL); 678 ab = audit_log_start(context, AUDIT_SYSCALL);
679 if (!ab) 679 if (!ab)
680 return; /* audit_panic has been called */ 680 return; /* audit_panic has been called */
681 audit_log_format(ab, "syscall=%d", context->major); 681 audit_log_format(ab, "arch=%x syscall=%d",
682 context->arch, context->major);
682 if (context->personality != PER_LINUX) 683 if (context->personality != PER_LINUX)
683 audit_log_format(ab, " per=%lx", context->personality); 684 audit_log_format(ab, " per=%lx", context->personality);
684 audit_log_format(ab, " arch=%x", context->arch);
685 if (context->return_valid) 685 if (context->return_valid)
686 audit_log_format(ab, " success=%s exit=%ld", 686 audit_log_format(ab, " success=%s exit=%ld",
687 (context->return_valid==AUDITSC_SUCCESS)?"yes":"no", 687 (context->return_valid==AUDITSC_SUCCESS)?"yes":"no",