diff options
author | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-05-23 16:35:28 -0400 |
---|---|---|
committer | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-05-23 16:35:28 -0400 |
commit | bccf6ae083318ea08094d6ab185fdf7c49906b3a (patch) | |
tree | 0dc4fabe9004aa666e646c69e976fda989c08565 | |
parent | bfb4496e7239c9132d732a65cdcf3d6a7431ad1a (diff) |
AUDIT: Unify auid reporting, put arch before syscall number
These changes make processing of audit logs easier. Based on a patch
from Steve Grubb <sgrubb@redhat.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
-rw-r--r-- | kernel/audit.c | 10 | ||||
-rw-r--r-- | kernel/auditsc.c | 8 |
2 files changed, 9 insertions, 9 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 35306f4369e..ef35166fdc2 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
@@ -234,7 +234,7 @@ static int audit_set_rate_limit(int limit, uid_t loginuid) | |||
234 | int old = audit_rate_limit; | 234 | int old = audit_rate_limit; |
235 | audit_rate_limit = limit; | 235 | audit_rate_limit = limit; |
236 | audit_log(NULL, AUDIT_CONFIG_CHANGE, | 236 | audit_log(NULL, AUDIT_CONFIG_CHANGE, |
237 | "audit_rate_limit=%d old=%d by auid %u", | 237 | "audit_rate_limit=%d old=%d by auid=%u", |
238 | audit_rate_limit, old, loginuid); | 238 | audit_rate_limit, old, loginuid); |
239 | return old; | 239 | return old; |
240 | } | 240 | } |
@@ -244,7 +244,7 @@ static int audit_set_backlog_limit(int limit, uid_t loginuid) | |||
244 | int old = audit_backlog_limit; | 244 | int old = audit_backlog_limit; |
245 | audit_backlog_limit = limit; | 245 | audit_backlog_limit = limit; |
246 | audit_log(NULL, AUDIT_CONFIG_CHANGE, | 246 | audit_log(NULL, AUDIT_CONFIG_CHANGE, |
247 | "audit_backlog_limit=%d old=%d by auid %u", | 247 | "audit_backlog_limit=%d old=%d by auid=%u", |
248 | audit_backlog_limit, old, loginuid); | 248 | audit_backlog_limit, old, loginuid); |
249 | return old; | 249 | return old; |
250 | } | 250 | } |
@@ -256,7 +256,7 @@ static int audit_set_enabled(int state, uid_t loginuid) | |||
256 | return -EINVAL; | 256 | return -EINVAL; |
257 | audit_enabled = state; | 257 | audit_enabled = state; |
258 | audit_log(NULL, AUDIT_CONFIG_CHANGE, | 258 | audit_log(NULL, AUDIT_CONFIG_CHANGE, |
259 | "audit_enabled=%d old=%d by auid %u", | 259 | "audit_enabled=%d old=%d by auid=%u", |
260 | audit_enabled, old, loginuid); | 260 | audit_enabled, old, loginuid); |
261 | return old; | 261 | return old; |
262 | } | 262 | } |
@@ -270,7 +270,7 @@ static int audit_set_failure(int state, uid_t loginuid) | |||
270 | return -EINVAL; | 270 | return -EINVAL; |
271 | audit_failure = state; | 271 | audit_failure = state; |
272 | audit_log(NULL, AUDIT_CONFIG_CHANGE, | 272 | audit_log(NULL, AUDIT_CONFIG_CHANGE, |
273 | "audit_failure=%d old=%d by auid %u", | 273 | "audit_failure=%d old=%d by auid=%u", |
274 | audit_failure, old, loginuid); | 274 | audit_failure, old, loginuid); |
275 | return old; | 275 | return old; |
276 | } | 276 | } |
@@ -424,7 +424,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
424 | int old = audit_pid; | 424 | int old = audit_pid; |
425 | audit_pid = status_get->pid; | 425 | audit_pid = status_get->pid; |
426 | audit_log(NULL, AUDIT_CONFIG_CHANGE, | 426 | audit_log(NULL, AUDIT_CONFIG_CHANGE, |
427 | "audit_pid=%d old=%d by auid %u", | 427 | "audit_pid=%d old=%d by auid=%u", |
428 | audit_pid, old, loginuid); | 428 | audit_pid, old, loginuid); |
429 | } | 429 | } |
430 | if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) | 430 | if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) |
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 74c2ae804ca..5fc4f52d218 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
@@ -307,7 +307,7 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data, | |||
307 | if (!err && (flags & AUDIT_AT_EXIT)) | 307 | if (!err && (flags & AUDIT_AT_EXIT)) |
308 | err = audit_add_rule(entry, &audit_extlist); | 308 | err = audit_add_rule(entry, &audit_extlist); |
309 | audit_log(NULL, AUDIT_CONFIG_CHANGE, | 309 | audit_log(NULL, AUDIT_CONFIG_CHANGE, |
310 | "auid %u added an audit rule\n", loginuid); | 310 | "auid=%u added an audit rule\n", loginuid); |
311 | break; | 311 | break; |
312 | case AUDIT_DEL: | 312 | case AUDIT_DEL: |
313 | flags =((struct audit_rule *)data)->flags; | 313 | flags =((struct audit_rule *)data)->flags; |
@@ -318,7 +318,7 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data, | |||
318 | if (!err && (flags & AUDIT_AT_EXIT)) | 318 | if (!err && (flags & AUDIT_AT_EXIT)) |
319 | err = audit_del_rule(data, &audit_extlist); | 319 | err = audit_del_rule(data, &audit_extlist); |
320 | audit_log(NULL, AUDIT_CONFIG_CHANGE, | 320 | audit_log(NULL, AUDIT_CONFIG_CHANGE, |
321 | "auid %u removed an audit rule\n", loginuid); | 321 | "auid=%u removed an audit rule\n", loginuid); |
322 | break; | 322 | break; |
323 | default: | 323 | default: |
324 | return -EINVAL; | 324 | return -EINVAL; |
@@ -678,10 +678,10 @@ static void audit_log_exit(struct audit_context *context) | |||
678 | ab = audit_log_start(context, AUDIT_SYSCALL); | 678 | ab = audit_log_start(context, AUDIT_SYSCALL); |
679 | if (!ab) | 679 | if (!ab) |
680 | return; /* audit_panic has been called */ | 680 | return; /* audit_panic has been called */ |
681 | audit_log_format(ab, "syscall=%d", context->major); | 681 | audit_log_format(ab, "arch=%x syscall=%d", |
682 | context->arch, context->major); | ||
682 | if (context->personality != PER_LINUX) | 683 | if (context->personality != PER_LINUX) |
683 | audit_log_format(ab, " per=%lx", context->personality); | 684 | audit_log_format(ab, " per=%lx", context->personality); |
684 | audit_log_format(ab, " arch=%x", context->arch); | ||
685 | if (context->return_valid) | 685 | if (context->return_valid) |
686 | audit_log_format(ab, " success=%s exit=%ld", | 686 | audit_log_format(ab, " success=%s exit=%ld", |
687 | (context->return_valid==AUDITSC_SUCCESS)?"yes":"no", | 687 | (context->return_valid==AUDITSC_SUCCESS)?"yes":"no", |